0

Chip cards are more secure because they prevent cloning. Chip cards also have the magstripe for backward compatibility. In my recent experience at supermarkets in California, using the chip takes a lot longer (15+ seconds) than swiping, and can't be done in advance, while the cashier is scanning the items.

Given this inconvenience, I'd prefer to swipe my card at a POS inside a supermarket, which is monitored and under human supervision. I'd use the chip at an ATM or gas station.

Yet, some POS units (e.g. those at Trader Joe's in California) require using the chip if one is present, despite the inconvenience to the customer. Why is this?

Dan Dascalescu
  • 1
    Part of the reason is that it's more secure, companies are now liable if there is any fraud (i.e. someone stole a credit card and managed to sign the back of the card). I believe, anyway. Someone will probably come up with a more detailed explanation – Phorce Oct 29 '15 at 10:48
  • So, what you're saying is, you trust that nobody's rigged the POS with a skimmer and that the cashier won't pass the card through one when you're not looking? And that you trust the store with your magnetic stripe's full track data (the very data that got hijacked in the Target breach)? – Iszi Oct 29 '15 at 16:41

3 Answers

6

Swipe cards aren't secure, even under human supervision.

It takes only seconds to swipe a card and read all the data off the magnetic strip. Once you have that data, it's possible to write it to a new blank card. The card can be printed up to match a real bank's credit cards. The fraudster can now sign the back of the new card.

To the cashier, it will look just like a genuine card. It will swipe correctly, and the signature on the back will match the one given by the person using it.

Simon B
1

If you "swiped" your chipped card, to the merchant it's the same as if you had swiped a non-chipped card. Therefore, if the card you just swiped was a fraudulent card, then the merchant would be responsible for the fraudulent charge. It would come out of the merchant's pocket, instead of the cardholder's bank/merchant bank/card processor paying for that fraudulent charge.

The locations that ask you to insert your chipped card after you swiped it are doing it correctly. They don't want to take your swiped attempt as payment, they want your chipped attempt as payment. That way they are covered.

Why some places (e.g. Trader Joe's) have it right and others don't is really down to the POS (Point of Sale) software company and their credit card processor getting everything set up right. Then, even if everybody is ready to roll out with an EMV solution, there is still a cost to the merchant to get it set up. Some merchants are just declining to do this at this time. I work in the POS industry and a lot of the software companies are still not ready.

N. Greene
1

Chip cards have been around for decades, and have been very common in European countries for many years. So why is the US implementing them now?

The recent shift in the US to chip-based cards is a result of a shift in liability to the party that implements the least technology. The liability changed in October 2015.

In essence, what this means is that if the credit card issuer gives the consumer a chip-based card, and the retailer only implements swipe, then the retailer is liable for any fraud that occurs as a result of that transaction. If the card issuer only issues the customer a swipe-only card, and the retailer has implemented chip, then the card issuer is liable for any fraud.

Retailers don't have to do anything, but given the choice between accepting liability for fraud, and changing the technology around, most have opted to change the technology.

As you noted, using the chip-based scheme is more secure because the chip creates a single-use number to be used with each transaction. This means anyone who's broken into a system where CCs are stored or transmitted can't create additional fraudulent transactions, or clone the card.

Burgi
Steve Sether
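
The single-use number described in the answer above, as an added example that is not part of the original answer: a toy model showing why a captured chip transaction cannot be reused. HMAC-SHA256 and a plain counter stand in for the card's real cryptogram algorithm, and the class names, message layout and test card number are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _mac(key, pan, amount, counter, nonce):
    # HMAC-SHA256 is a stand-in (assumption) for the card's real cryptogram algorithm.
    msg = f"{pan}|{amount}|{counter}|".encode() + nonce
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:
    """Toy chip: a secret key that never leaves the card, plus a use counter."""
    def __init__(self, pan, key):
        self.pan, self._key, self.counter = pan, key, 0

    def sign(self, amount, nonce):
        self.counter += 1  # every transaction gets a fresh counter value
        return {"pan": self.pan, "amount": amount, "counter": self.counter,
                "nonce": nonce,
                "cryptogram": _mac(self._key, self.pan, amount, self.counter, nonce)}

class Issuer:
    """Toy issuer: knows each card's key and the highest counter seen so far."""
    def __init__(self):
        self._keys, self._last = {}, {}

    def enroll(self, pan, key):
        self._keys[pan], self._last[pan] = key, 0

    def authorize(self, tx):
        key = self._keys.get(tx["pan"])
        if key is None:
            return False
        good = _mac(key, tx["pan"], tx["amount"], tx["counter"], tx["nonce"])
        if not hmac.compare_digest(good, tx["cryptogram"]):
            return False  # data was altered or the key is wrong
        if tx["counter"] <= self._last[tx["pan"]]:
            return False  # counter already used: a replayed capture
        self._last[tx["pan"]] = tx["counter"]
        return True

def demo():
    pan, key = "4111111111111111", os.urandom(32)  # constructed test values
    card, issuer = ChipCard(pan, key), Issuer()
    issuer.enroll(pan, key)
    tx = card.sign(2599, os.urandom(4))
    tampered = {**card.sign(100, os.urandom(4)), "amount": 99999}
    # genuine transaction, the same capture sent again, an edited amount
    return issuer.authorize(tx), issuer.authorize(dict(tx)), issuer.authorize(tampered)
```

Magnetic stripe data has no counterpart to the counter or the key: the same static track is presented on every swipe, so a stored copy is as good as the card.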
  • Here's something I don't think I've seen addressed anywhere: What happens if the card issuer provides chip, but the retailer permits chip *or* swipe to allow backward-compatibility with issuers that haven't converted? At that point, it's up to the customers to choose chip or you trust (often) minimum-wage employees to be attentive (and caring) enough to enforce it when the customer has a compatible card. Who's legally liable there? – Iszi Oct 29 '15 at 16:52
  • 1
    AFAIK, the magnetic stripe on a "chipped" card has info in the stripe that says "I'm a chipped card." If a swiped "chipped" card is allowed to be processed that way, then the liability would be on the merchant, but I would think a lawyer would determine that the software was at fault for not forcing the chipped transaction versus the swipe. The proper implementation is that if a chipped card is swiped, the consumer must insert the card. If a response is "my chipped card had to be swiped, but someone else's chipped card was inserted," that has to do with implementation. continued below---- – N. Greene Oct 29 '15 at 17:18
  • My bank card is chipped, and I've been at a large retailer where the person in front of me had a pure credit card that was chipped and he inserted the card. I had to swipe the card. Not all merchants' POS software/CC terminals are ready yet. They should have been but they are not. – N. Greene Oct 29 '15 at 17:19
  • @Iszi Good question, and I don't know the answer. I have noticed that at some big retailers I'm not allowed to swipe chipped cards. – Steve Sether Oct 29 '15 at 17:25
  • @N.Greene Just the same, all banks should have issued chipped cards by now. Yet here we are. – Iszi Oct 29 '15 at 17:38
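
The check described in the comments above (a swiped card whose stripe says it has a chip must be inserted instead), as an added example that is not part of the original thread. It assumes the ISO/IEC 7813 Track 2 layout, where a service code beginning with 2 or 6 marks a card with a chip; the function names, decision labels and sample tracks are constructed for illustration.

```python
import re

# Track 2 layout: ;PAN=YYMM + 3-digit service code + discretionary data + ?
TRACK2 = re.compile(r"^;(?P<pan>\d{12,19})=(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>\d*)\?")

# First service-code digit 2 or 6 means "integrated circuit present, use it".
CHIP_DIGITS = {"2", "6"}

# Constructed sample tracks (test card number, not real card data).
CHIP_TRACK = ";4111111111111111=30122011234567890?"
STRIPE_ONLY_TRACK = ";4111111111111111=30121011234567890?"


def parse_track2(raw):
    """Split a Track 2 string into its fields, or raise ValueError."""
    m = TRACK2.match(raw)
    if not m:
        raise ValueError("not a well-formed Track 2 string")
    return m.groupdict()


def swipe_decision(raw, terminal_has_chip_reader):
    """Decide what a terminal should do with a swipe.

    The liability labels follow the rule stated in the answers: the party
    with the lesser technology carries the fraud liability.
    """
    try:
        track = parse_track2(raw)
    except ValueError:
        return "REJECT_UNREADABLE"
    card_has_chip = track["svc"][0] in CHIP_DIGITS
    if card_has_chip and terminal_has_chip_reader:
        return "PROMPT_INSERT_CHIP"          # refuse the swipe, ask for the chip
    if card_has_chip:
        return "ACCEPT_SWIPE_MERCHANT_LIABLE"  # chip card, swipe-only terminal
    if terminal_has_chip_reader:
        return "ACCEPT_SWIPE_ISSUER_LIABLE"    # swipe-only card, chip terminal
    return "ACCEPT_SWIPE"                      # neither side has chip


if __name__ == "__main__":
    for track in (CHIP_TRACK, STRIPE_ONLY_TRACK, "garbage"):
        for has_reader in (True, False):
            print(track[:8], has_reader, swipe_decision(track, has_reader))
```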