Chip cards, I thought they were more secure?

[Scott Shepherd]

Apparently someone didn't get the memo about it being safer. We just had one of our business accounts compromised. $750 worth of pay as you go cell phone charges on a Chip card that is used only for buying materials from about 8-10 different suppliers.

Good thing it's more secure.

On a side note, we called the police to ask if it should be reported and they came out and told us that once you call the credit card company about it, then you are no longer in a position to file any charges because you have had no damages done to you. They said the credit card company would have to file charges, and there was nothing we could do. I'm not sure why they couldn't tell us that on the phone, but anyway, it's done.

[Brian Henderson]

Mark has it. "Safer", in this instance, means the card cannot be easily cloned and used elsewhere while you still have the original in your possession. You are more likely to notice a missing card (pickpocket) than you are waiting to see fraudulent transactions at the end of the billing period. Therefore, it also requires the card to be used semi-locally rather than having its number transmitted around the world and used almost immediately.

Still, the "one-time use" algorithm isn't infallible

But that doesn't stop online transactions where you don't have to have the card, only the number. Now presumably, you'd have to eventually have the PIN as well, but most fraudulent transactions are online, not physical.

[Anthony Whitesell]

The reports are that the majority (80%+) of the active cards have the chip. In some cases, the problem lies with the clearing house (processing company). A middleman. Especially for the smaller merchants. If you check out of a store and have to swipe through a chip-enabled reader, then chances are very likely the clearing house does not have the software installed, enabled, or other reason to process the chip based transaction. If the reader is not chip enabled, then the merchant has likely not upgraded on their part or is waiting for their clearing house to upgrade (could be a chick-and-egg thing).

[Bert Kemp]

Whats really weird I think is that when they call you to ask about fraudulent charges on the card the circles you have to go thru to prove your you. Hey they called me at a number I provided to them but they call and then want to know.
My name
My address
my birthdate
last 4 of my SS
my dogs name
my mothers maiden name
my card number
exp date
and 3 number CVs

But like you all said its easy to steal the card and rack up charges wtf.

[Brian Elfert]

All of my cards have chips, but a lot of stores don't have chip readers that work yet. I did three retail transactions yesterday and this evening and only one retailer had a chip card reader. Chip cards only protect against hackers that break into computers and steal card numbers.

Traditional methods of fraud like skimmers, restaurant employees stealing numbers, and people stealing cards are not stopped by chip cards. Some of these methods will be stopped by having PIN numbers hopefully at some point in the future.

[Mike Henderson]

Whats really weird I think is that when they call you to ask about fraudulent charges on the card the circles you have to go thru to prove your you. Hey they called me at a number I provided to them but they call and then want to know.
My name
My address
my birthdate
last 4 of my SS
my dogs name
my mothers maiden name
my card number
exp date
and 3 number CVs

But like you all said its easy to steal the card and rack up charges wtf.

If someone calls me, I do not give out any of that information. I tell them I'll call them on the number listed on the card and then I will provide the information, if I need to.

Mike

[Mark W Pugh]

But that doesn't stop online transactions where you don't have to have the card, only the number. Now presumably, you'd have to eventually have the PIN as well, but most fraudulent transactions are online, not physical.

We need the PIN ASAP in US. Online, a total different animal. However, US card issuers and busnisses need to get inline with the rest of the world.

[Mark W Pugh]

Can someone tell me what info is exactly on the chip?

[Dan Hintz]

Can someone tell me what info is exactly on the chip?

Some of the references in the middle of the wiki will point you to the possible information that can be stored.
https://en.wikipedia.org/wiki/EMV

[Paul Lawrence]

You just told a scammer everything they needed to know ...

Whats really weird I think is that when they call you to ask about fraudulent charges on the card the circles you have to go thru to prove your you. Hey they called me at a number I provided to them but they call and then want to know.
My name
My address
my birthdate
last 4 of my SS
my dogs name
my mothers maiden name
my card number
exp date
and 3 number CVs

But like you all said its easy to steal the card and rack up charges wtf.

[Rich Engelhardt]

Can someone tell me what info is exactly on the chip?

Wouldn't it be something if the chip gathered information about your every move, then linked up with the National Center for Supercomputing Applications and dumped it's load every time it was used?
LOL!

Seriously though -- the technology is there to do that
64 bit processing/programs opened that Pandora's Box.
For the time being it's just too expensive.

Sooner or later though, the scope of what's gathered about a person is going to change - - probably in the name of "safety".

[Bert Kemp]

Yes I should have mentioned I call them back from the number on the card, I don't even answer the phone when someone calls unless its family or someone I know. But they call me all the time when I travel to verify charges even after I call them to tell them I'm traveling. weird .

We need the PIN ASAP in US. Online, a total different animal. However, US card issuers and busnisses need to get inline with the rest of the world.

[Jim Becker]

The chip cards generate a one-time number for each transaction which is why they are more secure for point-of-purchase transactions. And the retailers that can't support them now carry the entire risk for a fraudulent card transaction that's swiped...that went into effect 1 October 2015. I agree with the comment that we need to move quickly to chip and pin from the current chip and sign method that was chosen by the US banking system because they thought their card holders couldn't manage to remember a PIN. With chip and pin, point-of-sale fraud will be thwarted big-time because of the two factor authentication..."something you have" (the chip enabled card) and "something you know" (your PIN). Online is still a bit more difficult, but requiring the three or four digit extra code helps a little since that's not always on the "dumps" information that gets sold out there on the Internet by the skimmers.

[Dan Hintz]

we need to move quickly to chip and pin from the current chip and sign method that was chosen by the US banking system because they thought their card holders couldn't manage to remember a PIN. With chip and pin, point-of-sale fraud will be thwarted big-time because of the two factor authentication..."something you have" (the chip enabled card) and "something you know" (your PIN). Online is still a bit more difficult, but requiring the three or four digit extra code helps a little since that's not always on the "dumps" information that gets sold out there on the Internet by the skimmers.

I wouldn't be so sure on that one, Jim. There have already been multiple hacks that show the PIN portion can be effectively bypassed.

[Scott Shepherd]

I wouldn't be so sure on that one, Jim. There have already been multiple hacks that show the PIN portion can be effectively bypassed.

I would agree with that statement. We use the chip cards and they have never asked for a PIN, not once, except for debit cards. If it's a credit card, it just uses the chip and never asks for any PIN. In fact, I don't even know of any PIN's for our credit cards with chips. Not sure how it's supposed to be more secure when it doesn't ask for 50% of the thing that's supposed to make it more secure.