Holiday Shopping

Are you still swiping your chip-and-signature credit card when buying gas, groceries or holiday presents? Don’t be surprised if you find that someone has stolen your personal information and used it to make fraudulent purchases in your name.

The chip-and-signature credit cards that banks began issuing earlier this year are supposed to protect you from the criminals who want to steal your personal information to make counterfeit credit cards.

But there’s a problem: Too many retailers have yet to install the new readers needed for the chip-and-signature cards. When you shop with these retailers, you swipe your card the old-fashioned way, using the magnetic stripe that is still on the back of the card.

This exposes you to fraud, and makes all the security benefits provided by the computer chip embedded in your new credit card worthless.

“To copy a magnetic stripe, all it takes is equipment you can buy for below $100 off the Internet,” says Jo Lintzen

“To copy a magnetic stripe, all it takes is equipment you can buy for below $100 off the Internet,” says Jo Lintzen, vice president of business development with security manufacturer Utimaco. “It takes little effort to create a clone.”

The new EMV credit cards — EMV stands for Europay, MasterCard and Visa — are designed to reduce fraudulent purchases made from counterfeit cards. The cards do this thanks to tiny computer chips embedded in them. These chips create unique codes for every purchase, and the codes make it far more difficult for thieves to steal the credit-card information of consumers.

EMV Chip credit card
Credit Card with a new EMV Chip

Unfortunately fraudsters understand this too. 

They are looking for easier targets. And merchants that have yet to install the new chip-card readers count as easier targets.

Every time you swipe your chip card at a gas station or retail shop that hasn’t yet equipped its point-of-sale terminals with chip-card readers, you are putting your credit-card information at risk.

Lintzen says that it won’t be until 2018 that even close to all retailers will have chip-card readers. Even more troubling: Gas station do not have to install EMV scanners at their fuel pumps until October of 2017. Expect criminals, then, to continue targeting gas stations until they make the change to the more secure EMV scanners, he predicts.

What can consumers do?

Tom Donlea, eCommerce director at Whitepages, says that consumers need to do what they’ve always done: They need to study their monthly credit card statements carefully. If they discover any unusual purchases, they should immediately call their credit card provider.

It’s important to not ignore these fraudulent purchases, no matter how small, Donlea says.

Don’t be shocked, either, if you get a call from your bank asking about unusual purchases. Chip-and-signature cards have made life more difficult for fraudsters. But it’s also inspired them to go after easier victims, including those swiping their EMV cards at retailers not equipped yet with EMV scanners.

And if you’re making online purchases with your chip credit card? You have no more protection than you ever did. This is why many security experts say that they expect online credit card fraud to soar.

“Consumers are not liable for unauthorized purchases on their credit cards,” says Tom Donlea

“Consumers are not liable for unauthorized purchases on their credit cards,” says Tom Donlea. “But it is still a hassle to deal with them. You have to get a new credit card. You have to contact your credit card provider.”

Some security experts say that chip-and-signature cards, even when used with EMV scanners, are far from foolproof. Hector Hoyos, chief executive officer at Hoyos Labs, said that criminals can still hack chip-enabled cards. It just takes more work.

A recent story in The Hacker News proves Hoyos’ point. The story highlights the arrest of five French citizens who stole about $680,000 after stealing chip-enabled cards and adding second chips inside them.

“Consumers are at the same risk with chip-and-signature as they are with mag swipe because chip-and-pin has been hacked for many years in Europe,” Hoyos says. “It is a proven fact that chip-and-pin is not safe and can be scanned in much the same way that you can skim mag-swipe systems.”

The lesson this holiday shopping season?

Shop at retailers that have already installed their EMV scanners. And if you do shop at a retailer reading credit cards the old-fashioned way? Be vigilant about monitoring purchases listed on your card statements.

In short, be especially wary this merry shopping season.

Did you enjoy this article? Yes No
Oops! What was wrong? Please let us know.

Ask a Question