Wednesday, October 7, 2015

Week Ago Wednesday: Chipped Credit Card

Better use cash while you still can.....

"Chip card deadline is here, but not everybody is ready; Fraud-thwarting technology may be late to your wallet" by Deirdre Fernandes Globe Staff  September 30, 2015

The era of safer, fraud-thwarting, chip-based credit cards has arrived. Sort of.

Thursday marks the deadline for US merchants and financial institutions to start making the transition to the new payment system, but most aren’t prepared for the switch to chips from magnetic stripes. Analysts expect confusion and delays at checkout counters that could last into the holiday shopping season as customers look to dip, instead of swipe, and merchants contend with new machines to read the updated cards.

Some of the largest retailers, including Target and Walmart, have installed new payment terminals at checkouts to read the cards, but a majority of merchants — nearly three out of four, by some industry estimates — don’t have the machines or aren’t certified by card companies like Visa and MasterCard to use the readers.

Banks and other card issuers are still sending out new chip-enabled cards to their customers. As of August, card issuers had replaced only about 20 percent of the 1.2 billion payment cards in the United States.

Many customers of some of the largest banks in Massachusetts, including Citizens Financial Group, Eastern Bank, and Rockland Trust, don’t have the cards yet and may not get them until next year.

*********************

The Oct. 1 deadline, set by Visa, Mastercard, and other card companies, means banks that failed to issue chip cards or merchants that have not installed chip-card readers will have to cover the costs of fraud.

Consumers will continue to be protected under federal law and won’t be liable for fraudulent charges, in most cases.

The move by the credit card companies is driven by the massive data breaches in recent years that affected some the nation’s largest retailers and tens of millions of consumers. The new cards are embedded with a microchip that generates a unique encrypted code for each transaction when it is used at a payment terminal, making it harder for hackers and criminals to obtain sensitive information.

The details transmitted during the swipe of a traditional magnetic stripe card, such as the account number and expiration date, don’t change, so a thief using a skimmer on a payment machine can grab and then resell the information. By not conveying account information, the new cards should cut down on card fraud at checkouts, but won’t protect customers making online transactions, analysts said.

Marlene MacDonald Ketchen, the owner of a Hingham company, Cabinetry Kitchen & Bath Design Studio, said that earlier this year she learned from her bank, Rockland Trust, that her company could become from liable for credit card fraud. The potential costs of covering fraudulent charges was concerning enough that she switched to the chip card reading machines.

“It would be devastating for a small business,” Ketchen said....

Jon Hurst, president of the Retailers Association of Massachusetts, said for some small retailers, the cost of replacing all of their card terminals seems more expensive than the potential risk of fraud.

“Some are just rolling the dice, because they’ve never had a breach, and they don’t think they’re at risk for a breach,” Hurst said. “It’s frustrating. It’s not going quite as well as some would hope.”

And who benefits? The firms selling the security and software. Hmm.

The chip cards have been used in Europe for about a decade and are commonly referred to as EMV, shorthand for the card companies EuroPay, Mastercard, and Visa. Many Europeans use a chip-and-PIN system, in which the card is placed in the reader and the customer enters a personal identification number.

US card issuers are primarily using a chip and signature system, in which the card is dipped into the reader, but the customer signs to authorize the charges.

Retail trade associations worry that the burden of introducing the technology is falling disproportionately on stores, restaurants, and other businesses, but the chip-and-signature system is not as secure as chip-and-PIN.

“They’ve locked the front door, but left the back door opened,” said Mallory Duncan, general counsel of the National Retail Federation in Washington, D.C., who called the approach “half-baked” in a conference call on Tuesday.

That would be the NSA trapdoor embedded in every piece of technology and software.

Banks and card companies said the chip-and-signature cards should address a vast majority of fraud attempts, and they didn’t want to confuse consumers who are used to signing.

Many customers may not have received chip cards yet because financial institutions may be waiting for magnetic stripe cards to expire before replacing them, said Bruce Spitzer, a spokesman for the Massachusetts Bankers Association.

Banks already absorb fraud costs and will keep doing so if they haven’t replaced their cards, he said.

Ultimately, both retailers and banks will feel the pressure to switch, said Grillo of ACI Worldwide.

“There will be an association factor,” he said. “Consumers will start wondering, ‘Am I doing business with somebody who is protecting my best interests and protecting me from fraud?’  ”

--more--"

So what's in your wallet?  

Who needs to worry about hackers, huh?