ADVERTISER DISCLOSURE

Are Smart Chip Credit Cards Coming to the U.S?

shutterstock_118971841

by on February 4, 2014

This post may contain references to products from our partners. We may receive compensation when you click on links to those products. For an explanation of how we make money, please visit this page.

 

In the wake of recent data breaches at Target, Neiman Marcus and other companies, it’s reasonable to ask what banks are doing to protect against identity theft. According to the U.S. Department of Justice, there were 16.6 million U.S. identity theft victims in 2012, a number that skyrocketed to over 70 million in 2013. This startling jump in breaches begs the question: will these high numbers be enough to finally bring smart chip credit cards to the U.S.?

Smart chip credit cards, which are a part of the EMV (Europay, MasterCard, and Visa) credit system, have been promoted as the safer alternative to magnetic stripe cards. However, the U.S. has been slow to adopt these cards because it’s expensive to replace magnetic swipe systems and ATMs and produce the cards. That being said, by the end of 2015, change may be inevitable.

What makes a smart chip card so special?

Smart chip credit cards are exactly what they sound like—a credit card with a chip on it that stores your encrypted account information. Unlike cards with magnetic stripes, these cards cannot be read by swiping. Instead, they’re scanned by a point of sale (POS) terminal or ATM that reads the chip. Sometimes the terminal requires a PIN to decrypt the chip’s information. Sometimes all the merchant needs is the customer’s signature, but this is less secure than the chip and PIN option as fraudsters can more easily forge signatures.

In many ways, the chip is more secure than a magnetic stripe, particularly when purchases are made in person at POS terminals. Over time, identity thieves have developed fairly simple ways of altering or taking information in magnetic stripes. Skimming, for example, is when an identity thief sets up a card reading device where folks generally swipe their credit cards, like gas station pay stations or retail stores. As the recent Target incident shows, all it takes is one swipe for your information to be compromised and stored in the skimming device.

While the encrypted information in chips isn’t as vulnerable to theft, it has its own weaknesses that can potentially be exploited. For example, if thieves get ahold of cards, they can make purchases where the cardholder’s PIN, signature, or presence isn’t required. The success of a few large PIN harvesting schemes and experiments—including a recent one from Cambridge—reveal other vulnerabilities in chip cards. However, on the whole, losses due to credit card fraud have decreased dramatically since EMV took hold in Europe.

Will the U.S. be fashionably late to the smart card party?

Although consumer safety is a critical issue, the dominant issue for card issuers and merchants in the U.S. is who will foot the bill for the chips and POS terminals. Card issuers are putting pressure on merchants to purchase POS terminals by 2015, and they’re doing so by shifting the liability of identity theft from themselves to the merchant. This means that if identity fraud results from a merchant using a non-EMV terminal for a transaction with an EMV card, the liability falls on the merchant. However, if the merchant uses an EMV compatible POS terminal, card issuers would be liable for any fraud resulting from that transaction.

While this liability shift puts pressure on the merchant to get EMV terminals, merchants and card issuers alike want to avoid paying more than they have to. Subsequently, the high cost of replacing existing terminals may result in cardholders having to pay transaction fees when using POS terminals. Similarly, card issuers may pass on the high cost of the card’s production to the consumer through fees. Interestingly, the retailers themselves might take the lead on EMV adoption: Target just announced that it will be accelerating implementation following the data breach.

Chances are that the U.S. will eventually adopt the EMV smart chip credit card, like the other 80 countries around the globe that have already done so. While the smart chip cards could potentially alleviate consumers’ fears and limit their losses due to fraud, the real motivation behind the change might boil down to something else. Namely, credit issuers won’t have to shoulder the burden of total liability when credit card fraud occurs. The new pressure on merchants will likely result in more EMV POS terminals in the U.S. by 2015, but just how many merchants will take the pressure to change seriously remains to be seen.

Chip card image via Shutterstock.

We want to hear from you and encourage a lively discussion among our users. Please help us keep our site clean and safe by following our posting guidelines, and avoid disclosing personal or sensitive information such as bank account or phone numbers. Any comments posted under NerdWallet's official account are not reviewed or endorsed by representatives of financial institutions affiliated with the reviewed products, unless explicitly stated otherwise.
  • http://www.doctorofcredit.com/ doctorofcredit

    I don’t understand why this isn’t standard already, in Australia they’ve had smart cards for 10 years.

    • James Wester

      Because the Australian electronic transaction market is a fraction of the size of the U.S. market in terms of cards in circulation, transaction volume, POS terminals, etc. Thus migration could happen at a fraction of the cost and timeline.

      • http://www.doctorofcredit.com/ doctorofcredit

        Yes, but that also means you have a much larger market in the US unprotected, if it is a good idea for safety surely the bigger the market the more important it is to get done.

        • James Wester

          Whether it’s a good idea is a different discussion than why it hasn’t happened! :-)

          It is true that the size of the U.S. market means that it’s a larger amount of fraud, but it still must be remembered that fraud in electronic transactions is measured in basis points, something like 8.27. That means only $8.27 of every $10,000 spent is actually fraudulent. Given the size of the market that means $6 billion. Compared to the total $79 trillion worth of noncash payments, that’s pretty small. Is the cost of switching out millions of terminals and reissuing nearly 1 billion credit and debit cards larger than $6 billion? (And those aren’t the only costs associated with the migration.) Maybe, but the problem is that it’s not one big check written vs one big pot of money lost to fraud. Instead each merchant and issuer must make the case and the cost of fraud isn’t spread evenly.

          Worth noting is that “merchants” and “banks” is a bit misleading when you start talking about fraud and migrating to EMV. At the end of this process, consumers will foot the bill, either through higher prices, higher fees, lower rewards, fewer perqs, etc. Since we’re the ones calling for the change — based largely on a relatively few, high-profile breaches (which wouldn’t even have been stopped by EMV!) — we should be aware what we’re costing ourselves.

          • http://www.doctorofcredit.com/ doctorofcredit

            You’re also not accounting for the amount of time put into fraud preventation and recovery – which is where the real cost to card issuers is.

          • James Wester

            That’s true but I’d argue that “recovery” is less of an issue since it’s basically written into the cost of running a card program. And fraud prevention is also considered a cost of providing a credit or debit card, i.e. it’s baked into the system as it stands now. Thus, issuers have built their businesses on the current rate of fraud. They’re now looking at a higher cost to issue and reissue cards that is anywhere from 5x-10x the cost of current card issuing. Unless the rate of fraud is meant to fall by an equal amount, it’s a hard cost/benefit argument to make.

            BTW – I should add that I’m not against EMV. All of theses assumptions are that, ceteris paribus, migrating the market that accounts for 25% of the world’s electronic transactions may not be a simple matter of “X costs less than Y so do X.” And everything I’m neglecting to account for adds to that complexity. However, I don’t think things will stay the same. The system we have with mag stripes is wildly unprepared for the electronic commerce we’re going to see within a few years. Thus, moving to something better is essential and EMV is an important part of that. It is only part, but it’s a start. We just need to realize that it’s going to take time and we’re already well on our way there.

  • flexx

    I have to agree with James, all new terminals and POS
    systems should be EMV capable in the US market.

    Many Card issuers such as Citi, Chase and BOA already
    produce chip cards. The problems is not many small business owners

    are aware of the need to transition to EMV terminals. I would be
    livid if I were to open a business and then be told that I need to upgrade my
    POS system.

    Hopefully, the EMV awareness will increase in light of the
    security breach at Target, Nieman Marcus, etc.

  • jay

    Smart cards have been in the U.S. military since 1999 I dunno why it hasn’t matriculated into the civilian U.S. yet. :-/