I know about the recent requirements for chip card readers. Many of them also have the traditional magstripe readers. Which completely defeats the purpose of the chips and is a major security risk. Putting a chip and stripe on the same card, as many banks are currently doing, is just stupid and reckless. It doesn’t matter how secure the chip is if a crook can just copy the strip. As long as magstripe cards are usable, they will be the weapon of choice for thieves, scam artists, and counterfeiters.
Because America’s millions of merchants can’t all switch card readers overnight. Issuing cards that won’t work with a large proportion of merchants is simply unacceptable to cardholders. Magstripes are being phased out, but it’ll take time, and there will be a transitional period where both are supported.
Further the credit card companies have shifted the liability from themselves to the individuals running the readers for any fraud with a swiped card. This is designed to get the merchants to switch. For my company buying a reader would cost me about 10% of my monthly gross revenue since we’ve never had fraud ts not worth it to the us. On top of that many of the small reader companies like square don’t have a chip reader plug in for phones so the small companies who can’t afford a full pos system but have added to the availability of readers everywhere can’t make the switch either.
What they said - the merchant infrastructure/ecosystem demands backward compatibility.
Even as it stands the US is not even going to the more secure chip-and-PIN scheme most of the West has been using for years, but rather to the halfway-there “chip-and-signature” set-up first. No idea why was THAT. I do hope the new terminals can be firmware-updated to become chip-and-PIN when the time comes or the merchants will spend another five years asking “but why should I buy your terminal AGAIN?”
Also there’s the issue of use of cards in ATM terminals – the ATM is also on the magswipe format not just in the US but also in Europe.
Oh, and an addendum to Oredigger77’s post: the credit card companies have made one exception to the change in who’s liable, for the case of pay-at-the-pump gas stations they have delayed that rule to 2016 or 2017 depending on the issuer. Because that migration is apparently a lot more cumbersome (or the oil companies have a lot more pull than the retailers).
This really is more of a General Question than a Great Debate. (Even if it has been answered.)
All my UK issued cards still have the magswipe. Retailers are still obliged to offer swipe-and-sign, although you often have to go to a special desk.
All of my credit cards have been updated to chip cards (with a mag stripe on the back), but the bank debit cards (just re-issued this month) are mag-stripe only.
If I swipe any of my chipped credit cards at a terminal that supports the chip, the terminal prompts me to insert the card into the chip reader to continue. So they’ve clearly encoded an “I have a chip” message into the magnetic stripe, enabling it to work at older terminals that don’t support the chip, while forcing use of the chip at compatible terminals.
As more and more terminals get upgraded to support the chips, mag stripes will become less and less of a viable target for thieves. Sure, they can still copy the mag stripe data, but they can’t use it at a chip terminal. There’s still a huge gap, but it’s finally starting to close.
Well, part of it is being in a transition period - where I work we have the hardware, but due to some sort of software problem (not my area, so I don’t have details) our customers can’t use the chip readers yet, even though they’re at the point of sale. I know the company is scrambling to fix whatever the problem is, and I’m sorry some of the customers are upset about it (lordy, had two today wanted to read the riot act over it), but if they new system isn’t working it isn’t working and honestly, how about some gladness the swiping still works so you can still pay for your groceries and goodies and we don’t have to hear you whine about carrying cash or writing checks?
Who knows how long the dual-systems will be in place? I certainly don’t.
Oh, and I don’t have one single card yet with a chip. Next time I’m off during the business week I have to call the bank about that.
Broomstick, what banks do you get your cards from? I ask because the banks sent me my chip cards about 4 to 6 months ago.
I typically carry three credit cards - two visas and a Discover card. Of the three, only one - one of the visas, has been replaced with a chip card.
Well, part of it is that not all cards contain a chip. I got a brand new debit card earlier this year and it has no chip.
So retailers need a machine that can read the stripes, and will until all cards in circulation have the chips.
And the deadline for when that change would happen is October 1, so we are right in the changeover period.
I work for a national chain of convenience stores, and we recently got an email about this. They spent about $1000 per store replacing our pinpads with ones that can read chips in the past year, and spent a million dollars to have our software upgraded to where we can take the chips for payment. Unfortunately (they say), the exact specs for how the chips work was only released earlier this year, so the software upgrade won’t be ready for a few months.
So not all cards work through the chip reader, not all chip readers work yet, the chip reading pinpads are expensive, and the change in who was liable for fraud happened a bit over a week ago. That is why the cards with chips still have a magnetic stripe on them.
Just some info.
Square does have a chip reader. They are horribly back logged on getting them out. They will accept liability for non-chipped transactions if you have one on order.
The magstripe was invented in the early-mid 1960’s by IBM. It didn’t find itself on the back of credit cards until American Express started deploying cards with magstripes in 1973. Visa and MasterCard (only recently renamed from MasterCharge at the time) didn’t start issuing magstripe cards until 1980.
It wasn’t until the late 80’s that AMEX/VISA/MC started “insisting” on MSR transactions. I think that was in 1989. At that time, the insistence meant that they would still process imprint (zip-zap or knuckle buster) transactions, but they imposed a mandatory surcharge on each such transaction, in addition to shifting liability for chargeback or fraud claims on to the merchant. Honestly, I think you can still process imprint transactions but they probably charge the same as “card not present” (CNP) transactions like phone or internet orders, which have always been more expensive for merchants.
Now we have EMV (Europay/Mastercard/Visa) standards coming to the US after many years on the world market. A large part of the reason EMV has taken so long to be adopted in the US is the robust communication network in this country. In remote (and not so remote) areas of the world, communication networks have been such that real time approval from card issuers is a much bigger challenge and merchants were, by and large, being told “tough shit” when they sent an imprint transaction in for payment on a defunct card.
I don’t want to cross post the same response, so here’s my post regarding the technology of EMV in an MPSIMS thread on the same topic. Specifically, the second to last paragraph about offline transaction tech offered by EMV that is not available with magstripes.
Basically, magstripes still work for the same reason non-magstripe transactions have worked since the dawn of credit cards. Risk versus reward. Merchants and card issuers do not want to turn down a transaction if the odds are in their favor that the charge won’t be reversed. They’re really the only two players with skin in the game. As a card holder in the US, you can be held liable for (at most) $50 and most card issuers will completely waive your liability.
It’s either the card issuer (bank) or the merchant left holding the bag in cases of fraud and by shifting liability to “he who doesn’t comply with EMV standards” VISA/MC/AMEX/DISC payment networks are incenting both sides to get up to speed.
Fifth Third.
I tried that a few times since Canada went across-the-board chip cards, attempting it with credit and debit cards.
The same thing happened. The machine told me to insert the card. Now it might tell me to touch the machine with the card.
The mag strips on my cards still work in the States, though. Or they did the last time I was there.
There are massive multi-billion dollar companies in the US that have the POS hardware to accept chip cards but don’t accept them yet. I was really surprised when Wegmans didn’t switch over on October 1.
I have 4 cards; none of them with a chip. I have never heard a word from the issuing companies or concerns I have accounts with about any change.
I got a new ATM card a few months ago from BofA and it has a chip. I basically only shop for necessities at a few stores, but I haven’t encountered a point of sale chip reader terminal yet.
I have 3 personal credit cards, one debit card and one work issued credit card. Of those 5 cards, only one has not sent me a chip card. Another one was replaced twice with chip cards in short order due to card fraud, and the non-chip card I barely use. So I guess 3/5 cards were replaced proactively by the card issuers before they expired.
The liability shift is really on the merchant though. Swipe transaction fraud was always absorbed by the card issuer before. The only thing new is the merchant liability of a card present transaction that wasn’t there 10 days ago.