Nebraska News Desk

Chip-card security remains scarce in wallets

 Breaking News
  • No posts where found

Chip-card security remains scarce in wallets

The odds of your credit card including the tiny EMV chip that encrypts a transaction and prevents the cloning of the card are not as good as you might hope. Last August, an industry group called the Payments Security Task Force reported that nine of the country’s top card issuers would have one in two cards chip-enabled… by the end of 2015.635656349472766219-AP-Credit-Cards-Security.1

Whether yours will be among them can vary based on the company or companies behind the card, its age, whether it’s a business or personal card and if you’ve asked for an EMV version. To take one example from my own wallet: While JPMorgan Chase was one of the earliest issuers to support EMV, the airline co-branded business Visa I have with them still doesn’t come with a chip. The list of chip-enabled cards on Chase’s site doesn’t list the personal version of this card either–but since February, cardmembers have been reporting that an EMV version is available on request.

Then there’s actually using a card’s chip in a U.S. store. Many already have EMV-capable credit-card terminals, which you can identify by a card-sized slot at the bottom in addition to the standard magnetic-stripe reader. But if you try dipping a card into that slot instead of swiping at the right, most of the time nothing will happen because the retailer hasn’t turned on that feature. A crowdsourced database only lists four compatible stores in Washington, two of them Walmarts that benefited from that retailer’s early support of EMV.

If you don’t want to use your card’s easily compromised magnetic stripe, you’ll have better luck using an NFC-payments app on your smartphone such as Apple Pay or Google Wallet — I’ve yet to see a credit-card terminal with an EMV slot that didn’t also feature an NFC reader. At a seminar in Washington Thursday organized by the Electronic Transactions Association and Underwriters Laboratories, experts emphasized that the October 1 “EMV deadline” is just a shift in liability. After then, a shop that doesn’t take EMV cards will automatically be on the hook for any fraudulent transaction, but some smaller merchants may decide the cost to upgrade their systems isn’t worth what they see as a small risk.

The participants also agreed that EMV can still leave a card number exposed for fraudulent use online or over the phone. To fix that, merchants need to take extra steps like scrambling card numbers stored in their systems and encrypting data as it travels through them. And because most U.S. EMV cards only require a signature to confirm a transaction instead of the personal identification numbers demanded in other countries’ implementations, somebody can still steal your wallet and go on a spending spree with your card until the issuer spots the unusual transactions or you report the theft.