What You Should Know About the New Credit Card Chip Rule
Starting Oct. 1, a new standard in credit card technologies goes into effect.
-- Chip-enabled credit cards will now become the standard for consumers and business owners.
Banks and credit companies have been sending consumers new cards, which look like their old cards but are fitted with a small metallic high-tech chip known as EMV, which stands for Europay, MasterCard, Visa -- the three companies that created the standard. The chip's goal: keeping thieves from easily accessing consumers' personal information. Starting today, retailers and small businesses who have not yet upgraded their credit card networks will be liable for any Visa, Discover or Mastercard credit card transaction that is fraudulent if the card is EMV-equipped. If fraud occurs when a magnetic stripe card is swiped at a chip-enabled terminal, the bank is still responsible for the fraud. American Express will transfer liability to business owners on Oct. 16.
Credit card fraud is a growing problem in the U.S. About 31.8 million U.S. consumers had their credit card information stolen last year, more than three times the number of consumers affected in 2013, according to a report published by Javelin, a company that studies customer transactions. According to a report from Barclays earlier this year, almost half of the world's credit card fraud occurs in the U.S.
According to the Electronic Transactions Association, the high-tech chip creates a unique code for each transaction, making it difficult for criminals to duplicate consumers' information. The new cards have to be inserted and then held in a card reader, which then uploads the information to complete the transaction. The new credit card standards are not a mandate for retailers and credit cards with just magnetic strips will still be accepted.
Here's what consumers and business owners should know about the shift:
1. Consumers can still use magnetic stripe cards if they have them
Sean McQuay, a credit card expert at personal finance site NerdWallet, said fraudsters are going to bug every non-EMV payment terminal they can to steal credit card information because these terminals will become the path of least resistance for theft.
"Consumers need to be wary of any store that forces them to swipe their card as opposed to dipping the chip -- old terminals will be even more susceptible to hacking until they're upgraded," he said.
2. It's been done before
Since 2005, when the U.K. switched to the EMV standard, counterfeit fraud has decreased 63 percent, as noted in NerdWallet's Consumer Credit Card Report, but that was after peaking in 2008, three years after the roll-out.
"This is a reminder that consumers will not be instantly safer after Oct. 1 but rather once a critical mass of consumers and stores are EMV-ready," McQuay said.
Due to these limitations, McQuay predicts that credit card fraud will continue to rise in the short term.
3. Tough luck for online shopping
McQuay points out that there are limitations with these new cards.
EMV chips will prevent a thief from making a copy of your credit card but it won't stop them from stealing your online payment credentials.
EMV technology won't protect consumers with online purchases, as it only protects consumers when they dip their card in an EMV-ready terminal in a face-to-face transaction, McQuay notes. NerdWallet found that online fraud in the U.K. has risen 120 percent over the last 10 years.
In addition, "Consumers still need to ensure that they're shopping on reputable sites, even if their card has an EMV chip on it," McQuay said.
4. The burden is shifting
The EMV liability shift means that any businesses that have not upgraded to EMV payment terminals after today will be liable for fraud that occurs on an EMV-ready credit card. Gas stations have until 2017 to replace readers at pumps.
The cost of upgrading card readers among retailers varies greatly between each retailer, according to a spokeswoman for the National Retail Federation. NerdWallet’s EMV shopping guide for small and medium-sized businesses notes that mobile payments service Square has an EMV-ready dongle for $30 while more traditional POS terminals can reach over $1,000.
"While this liability shift is intended to create incentives for the market to upgrade to the higher security standard, it does place a large burden on stores, especially small and medium-sized businesses that are already struggling with low margins," McQuay said.
NRF's Mallory Duncan said the new chip cards are not 100 percent safe unless they also require a customer PIN.
“It’s like locking the front door and leaving the back door unlocked,” he said in a statement.