Chances are you’ve received new versions of your credit cards in the mail recently. These new cards may look exactly like the ones they are replacing except for one key addition — a computer chip.
This may make sense to you if you’ve recently been to Canada, Latin America, or Europe — or even your local Walmart — where you may have encountered terminals that ask spenders to dip their plastic rather than swipe. Credit cards with a computer chip have become the norm globally because they are generally safer for in-person purchases.
Here’s what you need to understand about your new card.
What does the chip do?
The computer chip — technically called an “EMV” chip for Europay, MasterCard, Visa, the three companies that created the technology standard — creates a unique signature for each transaction. By contrast, the info on your old card’s magnetic strip remained constant, making it easier to counterfeit. Basically, this means that hackers can’t skim your credit card’s data and then put it on another card to make fraudulent purchases.
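As an added illustration (not part of the original article), this simplified Python model shows why a copied per-transaction signature is rejected while copied magnetic-strip data is accepted. HMAC-SHA256 stands in for the real EMV cryptogram, and the class names, the counter handling and the sample track string are assumptions made for the example.

```python
import hashlib
import hmac
import os

def _mac(key: bytes, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    # Simplified stand-in for an EMV cryptogram (assumption: HMAC-SHA256).
    msg = atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ChipCard:
    """Constructed model: the key stays on the chip; only signatures leave it."""
    def __init__(self, key: bytes):
        self._key, self._atc = key, 0

    def sign(self, amount_cents: int, nonce: bytes):
        self._atc += 1  # transaction counter makes every signature unique
        return self._atc, _mac(self._key, self._atc, amount_cents, nonce)

class Issuer:
    """Hypothetical issuer that knows the card's key and its strip data."""
    def __init__(self, key: bytes, stripe_data: str):
        self._key, self._stripe, self._last_atc = key, stripe_data, 0

    def authorize_stripe(self, track: str) -> bool:
        # Static data: an exact copy is indistinguishable from the real card.
        return hmac.compare_digest(track.encode(), self._stripe.encode())

    def authorize_chip(self, amount_cents, nonce, atc, cryptogram) -> bool:
        expected = _mac(self._key, atc, amount_cents, nonce)
        if not hmac.compare_digest(expected, cryptogram):
            return False  # details altered, or made without the chip's key
        if atc <= self._last_atc:
            return False  # counter value already used: a replayed capture
        self._last_atc = atc
        return True

def demo():
    key = os.urandom(32)
    stripe = "CONSTRUCTED-TRACK-DATA-0000"  # constructed sample, not a real card
    card, issuer = ChipCard(key), Issuer(key, stripe)
    nonce = os.urandom(4)  # terminal's unpredictable number
    atc, sig = card.sign(2500, nonce)
    return {
        "stripe_original": issuer.authorize_stripe(stripe),
        "stripe_copy": issuer.authorize_stripe(str(stripe)),
        "chip_original": issuer.authorize_chip(2500, nonce, atc, sig),
        "chip_replay": issuer.authorize_chip(2500, nonce, atc, sig),
        "chip_altered": issuer.authorize_chip(99900, nonce, atc, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The strip copy is approved because nothing in it changes between uses; the chip replay fails on the counter check and the altered amount fails on the signature check.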
Does that actually happen?
Counterfeit fraud, in which someone steals the information off the magnetic strip when you swipe the card and then reproduces it on another card, actually accounts for 37% of all credit card fraud in the U.S. The fraudsters usually use those fake cards to buy things (like gift cards or smartphones) that they can then resell for cash.
OK, so the change sounds good. Why now?
It isn’t due to some new governmental regulation or law, but rather the result of a liability shift. MasterCard and Visa decided together that, after Oct. 1, whichever entity (bank or store) had the lesser technology would be responsible in the event of a hack. (Right now only the issuer is responsible.)
So if a bank didn’t issue an EMV card, it would be on the hook for any fraud that occurs. Ditto for a store that hadn’t installed a new terminal capable of reading the card. (If both have the technology, a MasterCard spokeswoman argues, there simply won’t be any counterfeit fraud.)
Will I really be dipping instead of swiping on Oct. 1?
It depends, but probably not that often — even though it’s been two years since MasterCard and Visa announced the deadline. In the U.S., which is the last big developed economy to introduce this payment system, adoption of EMV technology has been slow. Reissuing all of these cards has cost banks a decent chunk of change, and buying and installing new terminals capable of reading your new card is a big cost for small and big merchants alike.
MasterCard’s safety and security expert, Carolyn Balfany, estimates that about 65% of all cards will have a chip and about 40% to 50% of merchants will have the necessary terminals by the end of the year. “Other countries have had to work years to get to those types of numbers,” says Balfany. “If we’re right about our projections, it would be terrific.”
So that sounds good, right?
Not so fast. Just because a store has a credit card terminal that can read these new cards doesn’t mean the system will be up and running.
As few as 20% of these new terminals may be usable by the end of the year, according to Mercator Advisory Group senior analyst Alex Johnson. “There’s so few merchants who will accept EMV that consumers will use magnetic strips for the majority of transactions for the next year or two.”
In fact, one recent survey found that only 22% of small businesses will be ready to accept EMV cards by the Oct. 1 deadline. And a majority of terminals won’t be enabled to read EMV credit cards until 2017, per a recent Mercator research note.
Does the deadline apply to all retailers?
One notable exception is gas stations. Due to the cost and regulatory complications of installing credit card processing at the pump, these merchants have until 2016 to make their upgrades. Which means, of course, that every time you fill up your tank, you could be the victim of fraud.
“I went to fill my car up the other night, and the way it was going in didn’t feel right, so I went to a different pump,” says Owen Wild, global marketing director for NCR, a consumer transaction technology company.
Once I get a card, do I need to do anything differently?
You may have heard that there are two different kinds of EMV technology: chip-and-PIN and chip-and-signature. To use your card at retailers that have a chip-and-PIN setup, you’ll need to create a personal ID number, much like with your debit card, and use it for purchases.
Chip-and-PIN technology is used more broadly overseas, and is considered safer since a PIN is harder to falsify. Both, however, will be accepted by merchants in the U.S.
Will EMV make online purchases safer?
Well … maybe. “Transactions made online or by phone aren’t affected by EMV technology, making them an attractive alternative to skimming for fraudsters,” says NerdWallet credit card expert Sean McQuay.
After the U.K. made a similar transition to EMV cards in the middle of the 2000s, something called “card not present” fraud — essentially online- and phone-related theft — jumped 186% from 2004 to 2014, according to Mercator, even though in-person fraud declined considerably over the same time period. (Of course, online purchases also exploded over that time period.)
What can you do? Be vigilant. Sign up for text alerts after purchases, and monitor your transactions online. If you see a problem, call your credit card company. (Cards on the Discover It platform allow you to freeze your account if you’ve lost your card or see something fishy.)
But I’m not responsible for the fraud, right?
No, you are generally not responsible for the fraud that is committed on your card. The Fair Credit Billing Act caps the amount you can be charged for fraud at $50. But chances are your issuer won’t actually charge you for anything that was illegally purchased, because issuers don’t want to make you think twice about spending on your card, says Johnson. They just want you to spend.
What about Apple Pay?
One side benefit for Apple and Android users, and pretty soon Samsung users, is that these new terminals are equipped to take payments from your phone. So-called near field communication is generally considered to be safer than using your card. So once merchants get around to installing terminals capable of reading a credit card chip, you might be paying with your phone anyway.