It’s been over a year since the October 1, 2015 deadline for merchants to adopt EMV chip credit card readers, but most stores are still lagging behind. With the 2016 holiday shopping season looming, only 33 percent of U.S. merchants who accept MasterCard have adopted chip card readers, even though MasterCard says 88 percent of its customers now have chip cards, and half of all cards in circulation now have chips. For consumers, this adoption lag means that you may still need to swipe the magnetic stripe on the back of your card at most stores. This might leave you wondering whether your card is really any safer than it was a year ago. Here’s an update on the state of card readers today, what it means for you as a consumer, and how you can keep your credit and transactions safe even if you still have to swipe your card.
Why Merchants Have Been Slow to Adopt Chip Card Readers
Merchants who have adopted chip card readers have experienced a dramatic decline in fraud. Visa says its merchants who have chip-enabled terminals saw fraud fall 47 percent year over year since last October, while Mastercard says the plunge in fraud for its merchants has been 54 percent. This is due to the fact that chip card readers create a unique code for each transaction which cannot be used to make another purchase, unlike magnetic stripes which contain credentials that can be duplicated. Also, chip cards are intended to require a PIN number as a second layer of protection.
However, most cards currently contain both a chip and a magnetic stripe, and most merchant readers can accept both. Merchants are reluctant to lose sales from customers who are still using swipe cards, explains Gartner analyst Avivah Litan. Additionally merchants and customers both complain about confusion over how to use the new cards and about longer lines caused by the slower speed of chip verification, a problem that plagued last year’s holiday shopping.
Also, the transition to chip cards with PIN numbers is being resisted by banks. Banks prefer signatures to verify transactions, and argue that PIN numbers only provide protection when thieves attempt to use lost or stolen cards, making the PIN numbers an unnecessary expense. Banks would prefer merchants to use other security measures such as encryption and tokenization.
Finally, gas stations were exempt from the 2015 EMV reader deadline and will not be taking chip cards until later.
The Risks to You as a Consumer
During the transition to full chip card adoption, consumers face lingering risks. Card readers that contain magnetic swipe card capability remain vulnerable to skimming machines that can duplicate cards. While your liability may be reduced under new regulations, it still presents a risk that thieves may run up your balance before you notice, which can be inconvenient. It can also embolden thieves to target your other accounts.
Another risk is that as long as most chip cards don’t require a PIN number, your chip card can still be used by a thief who steals your physical card.
A third risk is that as chip cards discourage skimming, criminals are increasingly targeting gas stations that lack EMV readers. Likewise, thieves are pursuing online fraud where merchants cannot verify the identity of the cardholder. This is a big reason that online fraud increased 215 percent in 2015, says Forter CEO Michael Reitblat.(6)
Keeping Your Transactions Safe
To mitigate these risks, Lifelock recommends taking some preventive actions. To avoid lost or stolen cards, don’t carry more credit cards than you need when shopping. If your card is lost or stolen, notify your provider as soon as possible.
To prevent card skimming, before swiping your card, check card readers for signs of tampering, such as glue or scuff marks. When possible, keep your card in sight when using it for a transaction rather than letting it be swiped out of your view.
To guard against online fraud, be wary of unsolicited contacts from senders purporting to be your financial provider. When in doubt, call your provider’s customer service number to ascertain authenticity.
Check your statements regularly for signs of unauthorized transactions. Verify recurring transactions.