Smart Credit Cards 101: Chip-and-PIN FAQs
In Europe, they’ve transitioned away from signature-based credit card authorizations and are instead using credit cards with built-in chips that require a PIN for most transactions. The system is called EMV, named for the three companies that pioneered it–Europay, Mastercard and Visa–and is commonly referred to as chip-and-PIN. Widely accepted as more secure, the idea has yet to catch on in the U.S.–until now. United Nations Federal Credit Union became the first U.S. company to issue chip-and-PIN cards, signaling what may be a sea change in the way Americans pay with plastic. As with all new technology, chip-and-PIN, or “smart credit cards” raise a few questions:
How does chip-and-PIN work?
From a consumer standpoint, it’s not much different than using a debit card at checkout. You swipe your card, enter your PIN and the transaction is complete. No signatures required.
How is a chip-and-PIN card different?
Your current credit card has all of the relevant information contained in the magnetic strip on the back. Swiping it through a machine simply pulls it all up, as if they were plucking your file from a cabinet. With the chip-and-PIN card, your sensitive data is encoded and encrypted.
What’s wrong with signatures?
The main line of defense for signature-based cards is the checkout clerk, who is supposed to compare your signature to the one on the back of the card and reject your transaction if they don’t match. The pranksters over at Zug.com proved the pointlessness of credit card signatures by purposefully signing credit card receipts with wacky stuff like “Porky Pig,” and “I stole this card” and even just a plain X. None of those transactions were denied.
Why aren’t chip-and-PIN cards used in the U.S.?
Chip-and-PIN hasn’t caught on on our shores for one big reason: it’s a pain to upgrade equipment. Bring a chip-and-PIN card to your local TJ Maxx and they won’t likely be able to read it. Bring your U.S. magnetic strip card to a U.K. gastropub and their chip-and-PIN cards may not be able to process it. There’s going to have to be a tipping point either way before chip-and-PIN terminals become the norm. Currently, the UNFCU smart cards are hybrids–they work with magnetic-strip and chip-and-PIN readers.
Is this safer for me as a consumer?
Maybe. You may actually be worse off in the case of identity theft. Because the chip-and-PIN system is considered foolproof, bank policy presumes you liable for any point-of-sale transaction where a valid PIN was detected. In Europe, you have to prove without a doubt that you were not present during the transaction in order to fight a fraudulent chip-and-PIN charge. This is different from the current setup, where cardholders often get the benefit of the doubt and wind up paying $50 to $0 for fraudulent charges.
But is chip-and-PIN really foolproof?
Not at all. Researchers at Cambridge University found a way to hack chip-and-PIN cards that lets you bypass the validation without a correct PIN. Essentially, they mocked up a middleman device that faked the “validated” sign and sent it to the terminal regardless if the PIN was entered correctly. This kind of fraud hasn’t been detected in the wild, but the potential remains.
What else is a drag about chip-and-PIN?
For one, you’ll have to remember your PIN. Guess wrong three times in any given day and you’ll be locked out of your account until you get ahold of your bank and unlock it. Also, chip-and-PIN cards don’t offer the same level of protection online, where they work the same as any old credit card.
So who benefits from a chip-and-PIN system?
The real winners here are the card issuers. An estimated $4 billion in revenue was lost for U.S. card issuers because our dumb American cards won’t work in Europe half the time. Not only that, card issuers spend less overall on security audits and fraud cases with the chip-and-PIN system. In short, it makes their job easier. But it doesn’t really make a difference to us, unless you think those savings will trickle down.
What are your thoughts? Will chip-and-PIN be a big deal in the U.S.? Do you welcome the change or would you consider it an inconvenience? Let us know your thoughts in the comments.
img by anthrocopy
Related posts:
- 5 Tricks That Make Your Credit Card ‘Readable’
- Futuregoof: 4 Grand Frustrations in Credit Card Technology
- Travel and Credit Cards: 7 Tips Before Hitting the Road
- Credit Cards Going Extinct? We Don’t Think So
- The Business of Credit Cards – Part I
Those savings definitely wont trickle down to us consumers, but this is definitely a more convenient way of using a card. Its only a matter of time, the old cards are becoming outdated, and once enough people get these new PIN based cards, retailers will invest in the new equipment. That being said, this could take 2 or 10 years.
The chip and pin terminals are becoming common in Canada, but they read both types of cards at this point. My card has not been updated to a chip and pin card yet, but I imagine when it’s time to renew (next year) I’ll get one.
From what I’ve read, they give credit card companies way more benefit than consumers. I’ve read (don’t know if it’s true) but if they can prove that you used the same pin for more than one card, then they aren’t responsible for any fraudulent charges because it wasn’t a unique pin (and therefore not secure). I don’t know about you, but I have a limited repertoire of pins/passwords I use (the human brain can only keep track of so much arcane information) so I’m concerned about this clause. I know it was a pain for credit card companies to look up the signatures if you disputed a charge, but at least its harder to forge a signature than steal a pin!