That little
3" x 2" piece of plastic in your wallet is getting an upgrade. That’s
right; your debit card is getting a face lift. Talk about plastic surgery! Honestly,
most of us don’t give a lot of thought to how that debit card works on a daily
basis. For years, we’ve just swiped the card, typed in our PIN number, and
headed home with our stuff.
Beginning late
in 2015, that process started to change. Banks and financial institutions began
rolling out the new chip debit cards. These MasterCard and Visa cards look like
the ones you’ve used for years—the same numbers, logos, security number on the
back and magnetic strip. So what’s new?
The real difference with these new cards is the small computer chip
embedded in the front just above the first set of numbers. That little metallic microchip allows your card to
"talk" to the latest chip-enabled point-of-sale terminals at your
favorite stores.
Why
all the fuss about this little chip? The
standard magnetic strip cards we typically use in the U.S. are based on a
50-year-old technology. The magnetic strip stores your name, account number,
the card expiration date and the security code from the back of the card. If
someone stole your card or even just swiped it through a card reader, all of
that information could be used for illegal purposes and even full-blown
identity theft.
The new EMV
chip cards, however, have been used in Europe since 1994 as an attempt to
battle the high rates of fraud and counterfeiting. EMV stands for Europay/MasterCard/Visa
— these companies have worked together to implement new, more secure
technology.
The card’s
microchip creates a unique one-time-use code for each transaction. This makes
the cards more difficult to counterfeit and makes them useless for onsite
retail purchases if someone steals your card without knowing your PIN. It also
prevents hackers from getting your account number in the event of a store’s
data breach.
This has
significantly reduced counterfeit card fraud, saving Europeans hundreds of
millions of dollars. As a result, EMV chip cards have almost completely
replaced the magnetic-strip cards in Europe and they’re gradually replacing
them in Asia, South America, Canada and Mexico. In 2015, the U.S. started
transitioning to the new EMV technology and has already seen a reduction in
card fraud figures.1
It’s about data protection.
You may think, “But I’m super
careful with my card. Why do I have to jump through these new hoops?” Fair question. The problem is, though, that retailers may
not be as careful with your personal information.
Take the recent
Target data breach, for example. During the Christmas shopping season of 2013,
hackers gained access to Target’s customer database. Over 60 million people had
their personal information accessed including 40 million card numbers used by
Target customers.2
That means all you had to do to put your
personal information in jeopardy was buy one Christmas present using your debit
card at Target.
If you were one
of the victims, the good news is that Visa, MasterCard or the issuing bank was
responsible for protecting you from fraudulent charges per their different
protection plans.
That was bad
news for the banks, because they were out tens of millions of dollars in losses
from covering those charges. In the end, the banks sued Target, and Target
agreed to a $39 million settlement with several U.S. banks to reimburse them
for their losses.3
That was the
last straw for the U.S. banks who were tired of being on the hook for
fraudulent charges because of outdated card security. In response, they started
revising their policies and security practices, looking to use the European EMV
model here in the states.
Banks set a
date of October 2015, and they encouraged American retailers to replace the
outdated swipe-only card readers for the new chip-and-PIN terminals. That’s
when things started getting confusing for all of us!
Who’s responsible for your protection? As of October 2015, the liability for card-present (a
physical card used in a store) fraud shifted to whichever party is the least
EMV-compliant at the time of the transaction. Three players could be liable:
1.
The retailer (where you shop)
2.
The card issuer (your local bank)
3.
The credit card company who backs
the debit card (like Visa or MasterCard)
For example, if
you use your debit card at a retail store that hasn’t updated its card terminal
for the new chip-enabled security, the retailer is now responsible for any
losses you incur if your personal data is stolen.
The card issuer
figures they’ve done their job in making the new security systems available, so
if the retailer doesn’t take advantage of them, they’re on the hook for any
mishaps.
However, if the
store has updated their payment technology and your information is hacked, the
card issuer (backed by the credit card company) assumes responsibility just
like they always have.
These kinds of
Target-style data breaches shouldn’t happen anymore if you’re using a new
chip-enabled debit card at a chip-enabled point-of-sale register.
The chip on
your card doesn’t pass your actual card number to the retailer; instead, it
creates a one-time-use number that’s only good for the transaction you’re
making at that moment. Even if someone hacked the store’s database, your card
number wouldn’t be on file, so you wouldn’t be in danger.
Online fraud is
another matter. Since the new chip cards have an actual card number printed on
them, that’s the number, you’d use to make purchases online.
So, if someone
stole your card number, they could make fraudulent online purchases on your
account. In that case, the card issuer (backed by the credit card company) is
liable for any illegal charges.
This is the bottom line. Generally speaking, your debit card issuer (your bank)
assumes the main responsibility for your account and it provides fraud and
purchase protection backed by Visa and MasterCard.
Any
debit charges you make are processed only by your bank—they aren’t processed through
Visa or MasterCard whether you use your PIN at the point of sale or not.
If you file a
fraud claim, though, the bank will probably check to see if the retailer bears
the burden. That’s a fight between the bank and the retailer, however. On your
end, the bank should refund any money lost due to fraud.
It’s also worth
noting that this change is not the result of any new laws. There have been no
new laws passed regarding chip-enabled cards. This is all coming from the banks
trying to eliminate the fraud that costs them millions of dollars every year.
The new EMV chip debit cards are the first step in that process.
The most
confusing part of this transition is that we’re currently in the "messy
middle" of the chip-card transition. European banks have fully
transitioned, so their cards have no magnetic strip at all. American cards,
however, have both the chip and a magnetic strip right now.
In a few years,
American cards will also drop the magnetic strip and we’ll be fully
transitioned. For now, though, not knowing when you should swipe or when you
should insert the card into the chip reader is a pain, and there’s a good
chance the clerk behind the counter won’t be informed enough to help you.
Knowing that,
here are a few things to keep in mind during the chip-card conversion:
1.
If you’re using your chip debit card
at a chip-enabled retailer, you probably won’t have the option of choosing
"credit" at checkout. That’s good, though, because chip debit cards
are much more secure when used with a PIN.
2.
If someone steals your physical
card, they won’t be able to use it in a chip-enabled physical retail store
unless they also know your PIN.
3.
Retailers are already supposed to
have chip-enabled terminals in place, but gas stations have until late in 2017
to update their hardware.
4.
The microchip produces a unique
one-time digital authentication code for each transaction when the card is
verified with the user’s PIN. That means the retailer won’t even know your
actual account or card number, meaning it can’t be hacked and stolen later.
Get in the habit of checking your account activity weekly to monitor
transactions. As soon as you see something
suspicious, call the bank that issued your debit card and alert them to
possible fraud.
Many card
issuers, as well as Visa and MasterCard, provide extra measures you can use to
protect your card information when making online purchases. If you shop online
often, check into that information.
Of course, the
rules for chip debit cards are likely to change as the technology changes, so
you should always check with your bank to see exactly what their policy is and
how you can best protect yourself.
In general, you should have confidence when using your EMV chip debit
cards because they provide the most secure transaction when used in combination
with your PIN.
*Adapted from the article, “Chip Debit Cards: What You Need to Know,” by Dave Ramsey
1 Charisse
Jones, "Visa: Some Merchants See Dip in Fraud Thanks
to Chip Cards," USA TODAY, April 19, 2016.
No comments:
Post a Comment