Clarifying the issues surrounding chip-enabled credit cards

As most people who either accept or use credit cards may have noticed, a major overhaul is occurring. EMV (Europay, MasterCard and Visa) credit cards have been introduced in the U.S. to thwart credit card fraud. It's left a wake of confusion in its path.

Why did they need to switch?

Thirty-two million U.S. consumers had their credit card information stolen in 2014, according to a report published by Javelin Strategy and Research. This was three times higher than 2013. Barclays has reported that half of the world's credit card fraud occurs in the U.S. In the past, credit card processors have argued that the cost of stronger controls outweighed the cost of upgrading the infrastructure. By shifting the costs to the retailers and card issuers, they are forcing change.

How does the technology work?

The small metallic square located on the new cards contains a computer chip. Every time this card is used, the card chip creates a unique transaction code that cannot be reused. Previously, most U.S. cards utilized a magnetic stripe on debit and credit cards that contained unchanging data. During data breaches, thieves would gain access to the sensitive card and cardholder information which could easily be counterfeited. If chip information is stolen from a point of sale system, replication will be impossible since the transaction number created in that instance will be unusable and the card will be denied if it's replicated. Data breaches may still occur, but thieves will have a hard time profiting by selling useless cardholder information.

Dip or swipe?

Consumers, including myself, are currently at loss whether we should swipe our cards or dip them. Chip-enabled smart cards work by "dipping" them into a terminal slot where data flows between the chip and the financial institution creating the unique transaction data. Unfortunately, as most of us have experienced, it takes longer than a traditional swipe or pass from a magnetic-stripe card.

If the card is removed early, the transaction needs to start over. While some retainers have updated their systems to accommodate the new technology, most have not, causing confusion on whether the consumer should be swiping or dipping. Even if the slots exist, the system may not be upgraded to accept your card prompting an error message upon dipping and instructions to swipe.

According to Mercator Advisory Group, a payment industry research firm, only 30 percent of U.S. consumers have received chip-enabled cards as of November 2015 and estimates only 40 percent of the retailers will be able to accept them by the end of 2015.

October 2015 deadline?

Much was made about an Oct., 1 2015, deadline. Essentially, on Oct. 1, the major U.S. credit card issuers (MC, Visa, Discover and American Express) shifted the liability for credit card fraud to the least EMV-compliant party (retailers, card issuers, etc.) in a transaction. Therefore, if a bank or retailer elects not to upgrade their systems, they could be liable for the cost of a fraudulent transaction.

Certain industries have been given more time to comply. For example, pay at the pump gas stations have until 2017 to upgrade their systems. It's been observed that the larger banks and retailers have been able to upgrade their cards and equipment at a faster pace than the smaller regional players.

What card will work outside the United States?

For anyone that has traveled to Canada or abroad recently, you may have experienced issues using your traditional magnetic stripe credit card. Foreign merchants moved to smart chip cards a few years ago and even added an additional layer of protection by requiring PIN codes for both debit and credit cards. Now armed with a chip-enabled card, you may be more successful charging a transaction, but if they require chip and PIN cards, you're out of luck. It's anticipated that the U.S. may move in that direction, but not in the near future. For now, the U.S. is content to implement chip and signature versus chip and PIN.

Will my online shopping be affected?

Although the new chip cards will prevent a data thief from making a copy of your credit card, they will still be able to steal your online payment credentials. The protection these cards offer exists when they are used live in an EMV-equipped terminal. Therefore, consumers should remain vigilant regarding their online shopping and closely monitor their charged transactions.

Consumer frustration

While most people appreciate tightening security around stolen credit, the initial experiences have been less than stellar. The "dipping" process has resulted in longer wait times in checkout lines as the result of either confusion over the process or the wait time experienced for the technology to read the chip. Feedback concerning poorly informed sales associates has also added to the mix. The timing of this implementation doesn't help either. While the card issuers were motivated to shift the liability before the holiday shopping season started, it's also the worst time of year for retailers and consumers to adapt to such a major change. In the end, if it helps to discourage massive data theft, it will be worth the sacrifices.


James I. Marasco, CPA, CIA, CFE, is a partner at EFP Rotenberg LLP, Certified Public Accountants and Business Consultants

Published: Fri, Dec 18, 2015