As you may know, last Thursday, October 1st, was the deadline for merchants to be able to accept so-called “chip and PIN” or “chip and signature” smartcard credit cards and debit cards, with the EMV chip. Of course, while the burden is on the merchants to accept them, lots of consumers don’t actually have them, as their banks have not yet issued them a new chipped debit or credit card. Whether you already have your shiny, new chip and PIN or chip and signature card or not, here’s everything that you need to know about them.
The reason these cards are called chip and PIN or chip and signature is because they have a chip – an EMV chip – embedded in them. The EMV stands for Europay, Mastercard, and Visa, because these are the three merchant card providers who got together to promote the ‘chip embedded in a payment card’ technology.
By embedding a smartchip as an additional identifier right in the card, along with providing you with a PIN or requiring your signature, it makes the card more secure, and less prone to fraud and abuse when – and here is a key thing – when someone presents the card in person during a sales transaction.
Now, this is actually a pretty big deal, because when your credit card information is breached and stolen, often duplicate, fake cards are made from that data. If you have a chip in your card, then even if your credit card number, expiration date, etc., are acquired, the fake card that may be made from them won’t work without also having the chip embedded in it.
But, again, that only stops in-person fraud.
It doesn’t stop somebody from using your credit card details to order something online.
Moreover, while most of Europe and other countries use chip and PIN technology (where you have to insert, or “dip”, your card into the reader, and also provide your PIN), in the U.S. most will be adopting chip and signature technology, which means that if someone actually has your credit card, all they have to do is forge your signature – no PIN required. For in-person transactions this is no different than how it was in the states before last Thursday, where all that is required is a signature, which nobody ever checks. Ok, which merchants rarely check (we can all think of a case where a cashier actually checked our signature – and of course the fact that it is so memorable, because it is an exception, proves our point).
This is a source of frustration for merchants and consumers alike.
Moreover, your chip and signature card will not work any better than your old chipless card if you are travelling abroad, where the ATM and other financial systems in most countries expect chip and PIN.
So why would the U.S. adopt a half-way there technology?
Because, as Julie Conroy, a fraud analyst explained to Brian Krebs over at Krebs on Security, a card issuer told her directly that “We don’t really think we can teach Americans to do two things at once. So we’re going to start with teaching them how to dip, and if we have another watershed event like the Target breach and consumers start clamoring for PIN, then we’ll adjust.”
Apparently dipping and punching in your PIN is even harder than walking and chewing bubble gum, either that or generally you bank thinks you are too stupid to figure out how to stick your card in a machine and then punch in a number.
Says Matt Schulz of CreditCards.com, in an interview with Oregon Live, of the chip and signature alternative, “The reality is that people remember lots of PINs: on their phones, their debit cards, it wouldn’t have been that hard.”
So are there any chip and PIN cards available in the U.S.?
Yes, but you really have to look for them. There is some evidence that while Visa is more keen on the “easier” chip and signature, MasterCard was more keen on the more secure chip and PIN technology.
We have heard tell of a Wells Fargo Visa which offers chip and PIN, but we have been unable to verify that.
In addition, Bank of America offers a chipped debit card, and in fact if your bank offers a chipped debit card, then by definition, as a debit card, it will come with a PIN.
Other than that, we don’t know for certain of any card issuer offering chip and PIN. It seems that most of the major issuers, for example Chase, are offering only chip and signature.
In fact, some are minimizing the difference between chip and pin, and chip and signature, and not only downplaying the difference, but up-playing the “advantage” of chip and signature being ‘easier’, such as Capital One, when they say “Good news! Capital One chip cards will be Chip and Signature cards, so there’s no additional PIN to remember.”
We see this as a situation where consumer demand will probably drive which type of card a given bank, retailer, or other card issuer eventually goes with. If you demand a chip and PIN card, and if not available you switch to a card provider who does offer chip and PIN, and let your old provider know that is why you switched, that may make a difference.
So, let’s get out there and show those card issuers that we care more about the security of our funds and identity than, apparently, they do.
|Get notified of new Internet Patrol articles!