Chip cards, I thought they were more secure?

[Scott Shepherd]

I'm guessing most everyone has the new debit cards with the chip in them now? I thought they were supposed to be more secure and help prevent fraud. However, I went into Target, slid my chip card into the reader, it sat there, then said "Remove card" and the transaction was done. Never once asked me for my PIN. I've been back in there a number of times since and not once has it ever asked me for a PIN. That means if I lost my card in the parking lot, someone could walk into the store and buy things, and there wouldn't be a trace of them. No forged signature, no PIN code, no nothing, so no one would ever know it was fraud until I figured it out.

How's that more secure than entering a PIN code? Without my PIN, you can't buy a stick of gum.

[Mark Blatter]

I believe it is about the ability for any one to duplicate the card and have 20 copies of it in use. No one can intercept the data as they use a one time encryption. I have been using one for a few months and frankly they are a pain because they are slower, but if it helps stop organized crime, it is worth it.

[Scott Shepherd]

I believe it is about the ability for any one to duplicate the card and have 20 copies of it in use. No one can intercept the data as they use a one time encryption. I have been using one for a few months and frankly they are a pain because they are slower, but if it helps stop organized crime, it is worth it.

Yeah, but 20 cards wouldn't be able to buy a drink at Target with my old cards copied. It would be declined immediately. Not so much now. They might only be able to use that one card, but they could certainly use it without even slowing down. It would be a pick pockets dream. Work around stores, snatch a wallet, go buy some things, throw the card in the trash and move on. I think the whole thing that made it secure was the combination of the chip AND the PIN, I even thought there were called chip and pin cards.

[Jim Becker]

Currently in the US, it's "Chip and Signature" and the signature is only required for purchases over a certain amount in some stores. "Chip and Pin" would be more secure (and that's how it's implemented outside the US for the most part), but as usual, the financial industry felt it might be asking too much of US cardholders to "do that thing" for each transaction... "Chip and Pin" will likely come into play down the road here, however, for obvious reasons...."Something you have" (card) and "something you know" (PIN) for two factor authentication.

[John McClanahan]

My Visa card has the chip, but it also has the mag stripe. Someone with a card scanner could still swipe the numbers from the stripe.

My understanding is that the credit card companies will no longer eat the fraudulent charges made with the magnetic stripe readers. Stores that don't upgrade their credit card machines will be responsible for the fraud.


John

[Roy Harding]

Here in Canada, it's 'chip and PIN', for both my debit card and credit card.

[Franklin Ferrier]

Here in Australia it is only 'chip and PIN', signatures were made completely redundant earlier this year. We also have 'pay wave' which uses a proximity reader rather than having to insert the card. Most transaction below $100 do not require entry of the PIN. A lot of fraud happens with stolen cards that are used to buy small amounts promptly after a card is stolen, but the financial institutions don't publish the figures. It's hard to tell if the amount of fraud is greater now than it was before with swipe and signature, which nobody ever seemed to check anyway. For transactions above $100 the card must be inserted in the reader and a pin entered. Also the system limits the number of times (10) you can make a pinless transactions each day. If you report your card stolen within a reasonable timeframe the financial institutions usually carry the cost of fraudulent transactions as a cost of business and don't charge the card owner, although I imagine finding out and contesting the transactions would be stressful.

[Mike Henderson]

Currently in the US, it's "Chip and Signature" and the signature is only required for purchases over a certain amount in some stores. "Chip and Pin" would be more secure (and that's how it's implemented outside the US for the most part), but as usual, the financial industry felt it might be asking too much of US cardholders to "do that thing" for each transaction... "Chip and Pin" will likely come into play down the road here, however, for obvious reasons...."Something you have" (card) and "something you know" (PIN) for two factor authentication.

Yep, the credit card industry in the United States was afraid that people would not be able to remember the pin and would therefore use another card - so they went with chip and signature. But people remember their iPhone pin, and their bank pin, etc.

Chip and pin would be more secure but chip and signature is better than the mag stripe. And after some date, if a merchant processes a card with only a mag stripe, and the transaction is fraudulent, the loss is on them. By that date, all card users will have been sent cards with a chip, so the only way a mag stripe would be used is if the merchant doesn't have an upgraded terminal.

Mike

[Rich Engelhardt]

"Safety" is the new religion in this country.
(note - - the definition here is from the old line, "Want to get rich? Start your own religion".)

Any time someone wants to sell an idea to anyone it's wrapped up and marketed as being "safe".
(Secure is just a synonym for safe.)

It doesn't matter what the truth is anymore - - as long as it's "safe"....

[Mike Null]

I was in line at HD yesterday and a guy was making a small purchase with a chip card. It must have taken 10 minutes for he and the cashier to get the scanner or whatever to accept and validate the transaction.

[Dan Hintz]

Mark has it. "Safer", in this instance, means the card cannot be easily cloned and used elsewhere while you still have the original in your possession. You are more likely to notice a missing card (pickpocket) than you are waiting to see fraudulent transactions at the end of the billing period. Therefore, it also requires the card to be used semi-locally rather than having its number transmitted around the world and used almost immediately.

Still, the "one-time use" algorithm isn't infallible

[Jim Becker]

YAnd after some date, if a merchant processes a card with only a mag stripe, and the transaction is fraudulent, the loss is on them. By that date, all card users will have been sent cards with a chip, so the only way a mag stripe would be used is if the merchant doesn't have an upgraded terminal.

That date is literally today, 1 October 2015, relative to the risk shifting to a merchant if they are not equipped to process cards with the chip as a chip transaction. That said, the latter thing you say is unfortunately not true...only a portion of cardholders have received new cards with chips. The banks didn't take the date seriously, apparently, citing "chicken and egg" with merchants not having updated terminals. That's also a problem, a very large portion of merchants have not upgraded to-date...

[Jim Becker]

I was in line at HD yesterday and a guy was making a small purchase with a chip card. It must have taken 10 minutes for he and the cashier to get the scanner or whatever to accept and validate the transaction.

I've been using the chip feature at HD for months now with no issues...multiple local stores, too.

[Scott Shepherd]

We use Square for taking cards from most walk ins and they haven't shipped the new Chip readers out yet either. They say "Shipping Late 2015". That means if we use their service until then, then we're on the hook if it's fraudulent. I was in a Food Lion last night and I put my chip card in, and it didn't do anything. I asked the cashier if the chip feature was working and she said "Oh, sorry, that doesn't work yet". I guess they were waiting until today to activate them too?

[Steve Peterson]

Many stores have set a limit of risk that they won't bother to ask for a signature or pin if you purchase falls below the limit. They figure that it costs more for the clerk's time waiting for a signature than they lose from stolen cards. The merchant probably takes the loss if they didn't bother to verify for small purchases.

Steve