October 21, 2015 By Rick M Robinson 2 min read

Chip-and-PIN credit and debit cards have arrived, adding a new layer of security for payment cards. But the technology is not a security panacea, and its full potential still has not been implemented in the U.S.

Even when completely integrated, it will not protect against all payment card fraud, especially when it comes to online fraud — which means that some basic precautions will still be in order for card users this holiday season.

Goodbye to Magnetic Strips

Over the last few months, Americans have been receiving updated credit and debit cards that contain a computer chip, called an EMV chip. The name stands for EuroPay, MasterCard and Visa, the companies that originally developed the system.

Similar chip-and-PIN cards have long been used in Europe. As reported by Inc. Magazine, the U.S. has been behind the times in sticking with old-style magnetic strips that are easily duplicated by card forgers. In contrast to magnetic strips, EMV chips generate a unique code for each purchase — meaning that thieves can’t simply copy and paste the code.

On Oct. 1, new rules went into effect that made merchants financially responsible for fraudulent payment card transactions processed on old-style magnetic strip readers. The new rules were intended to pressure retailers into updating their point-of-sale (POS) technology. Consumer legal protections regarding credit card fraud remain unchanged.

Improved Security, but No Revolution

But chip-and-PIN technology has its limits — especially in the U.S., where new cards have the EMV chips but are not provided with PINs, which are entered by the cardholder as an additional layer of protection.

Accounts differ as to why PINs have not been implemented in the U.S. According to CNN, some executives argue that consumers would resist having to memorize the numbers, even though debit card users are already familiar with using PINs at ATMs and POS terminals.

And as reported at The Oregonian, the rollout of EMV chip-reading technology has not been entirely smooth. Retail merchants have invested heavily in new POS card readers only to find that card issuers’ back-end support for the technology is still lagging.

Protecting Against Payment Card Fraud

All of which means that while chip-and-PIN technology (or even just the EMV chips) is an improvement in payment card security, it is no revolution. For one thing, the technology is designed to limit fraud through physical copying, duplication of cards or other abuses related to card-reading devices. The chips do nothing to protect against online payment card fraud, which depends on account numbers and passwords rather than the physical cards. As one security expert noted, computers and mobile devices don’t have card readers attached.

For consumers, the need for basic self-protection against credit or debit card fraud remains. Because magnetic strips have not disappeared and some merchants may continue using old-style card readers for some time to come, report a lost or stolen card promptly. Physical card fraud will become harder, but your card issuer needs to know if your card has fallen into the wrong hands.

Continue to check statements for any purchases that you did not make. This is especially true for online purchases, which chip-and-PIN cards do not help protect, but statement checking remains a basic protection for all payment card purchases. The world of payment cards has not really changed that much, and neither has the need for prudence in safeguarding yourself.

More from Retail

5 ways to improve holiday retail and wholesale cybersecurity

4 min read - It’s the most wonderful time of the year for retailers and wholesalers since the holidays help boost year-end profits. The National Retail Federation (NRF) predicts 2022 holiday sales will come in 6% to 8% higher than in 2021. But rising profits that come at the cost of reduced cybersecurity can cost companies in the long run when you consider the rising size and costs of data breaches. The risk of data breaches and other cyber crimes can make this shopping…

Cost of a data breach: Retail costs, risks and prevention strategies

3 min read - Whether it’s online or brick-and-mortar, every new store or website represents a new potential entry point for threat actors. With access to more personally identifiable information (PII) of customers than most industries, bad actors perceive retail as a great way to cash in on their attacks. Plus, attackers can duplicate attack methods more easily since retailers share similar cybersecurity infrastructure. The good news for retail is that the cost of a data breach in the sector remains low compared to…

Lessons learned by 2022 cyberattacks: X-Force Threat Intelligence Report

3 min read - Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights. This year, a new industry took the infamous top spot: manufacturing. For the first time in over five years, finance and insurance were not the top-attacked industries in 2021, as manufacturing overtook them by a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today