From all the grumpiness over the “EMV” chip-card transition, you’d think that the circuitry embedded in our new credit cards delivered a small electric shock every time you inserted one into a terminal at a check-out counter.
Customers say they don’t like chip cards because you have to leave them in a reader for as long as half a minute instead of swiping a card’s magnetic stripe with a single, satisfying flick of the wrist. Retailers complain that after costly hardware and software upgrades, they still can’t take chip-card payments because their systems have yet to pass required certification tests.
And the core problem these new cards are supposed to solve — fraudulent card use — can’t go away as long as thieves can use lost or stolen cards in stores or type in a card’s digits at any online store.
And yet as we hit the first anniversary of the day that merchants began having to eat the costs of EMV chip-card fraud if they hadn’t updated their payment systems for chip cards, I can’t work up any real outrage over this transition.
Chip cards solve two real problems
EMV — an abbreviation for Europay, MasterCard and Visa, the three developers of the standard — stops the leading cause of fraud, the use of counterfeit cards. Instead of sending over a card’s digits to the reader unencrypted, which is what happens when you swipe a “mag stripe,” the chip in an EMV card powers on when it’s placed in a card reader’s slot, then encrypts your information before sending it to the reader.
That leaves no way for a thief to clone your card and use it in an EMV reader. The result, as Visa (V) brags in an infographic: a 47% drop in counterfeit-card spending between last May and this May at merchants who have completed chip-card upgrades. MasterCard (MA), in turn, cites a 54% drop in counterfeit costs from April 2015 to April 2016.
And since counterfeiting was the top source of card fraud this year — a report from the research firms Aite and Iovation estimated this year’s losses due to counterfeit cards at $4.5 billion, versus $4 billion in losses from “card-not-present” fraud conducted online or over the phone — that’s a notable achievement.
It’s true that chip cards that don’t require you to confirm a purchase by punching in a PIN don’t stop the fraudulent reuse of lost or stolen cards, but that’s a smaller problem: Aite and Iovation estimated its costs at $800 million this year. Of course, if we’d adopted “chip-and-PIN” cards as many other countries have, the people screaming over the wait to have an EMV transaction complete would be just as irate over also having to key in a four-digit code.
Meanwhile, there’s this thing called the rest of the world — most of which moved to EMV cards long ago. With chip cards in your wallet, you don’t have to feel like a chump when you pay with plastic in other countries. And you can’t count on mag-stripe cards working at all in ticket-vending machines and other automated kiosks overseas.
Having a “chip-and-signature” EMV card used to pose a risk at ticket kiosks, but I’ve had no issues using mine to pay for subway fares in London, Paris and Barcelona; the kiosks in Berlin’s U-Bahn, however, demanded a PIN during my visit there for September’s IFA trade show.
The job isn’t done
The biggest problem with the EMV transition in the US isn’t the wait to have a transaction complete, but the wait for stores to support EMV cards at all. While some notable holdouts have switched on their EMV card readers, I still find myself conducting a large minority of my card transactions using the magnetic stripe—and readers have told me much the same.
Many times stores will support EMV but won’t have that option activated, forcing retailers to tape on signs with messages like “Chip Reader Coming Soon!” or the more excitable “SWIPE YOUR CARD!!! NO CHIP!!!”
Retailers say it’s not their fault. In a National Retail Federation survey, 57% of merchants said they’d put in new card readers “but were still waiting for certification by the card industry”—and 60% of those held up said they’d been waiting for six months or more.
Restaurants and bars, meanwhile, remain much further behind.
When new card readers also “tokenize” card numbers, replacing their actual digits with one-time codes, they also stop them from being reused for online or phone transactions. But that effort is not nearly as far along as the EMV transition — something I learned firsthand when I had to get a new EMV card replaced after some crook tried to use it at some Ukrainian online store.
As for that chip-card holdup at the checkout counter, which can be prolonged if the reader doesn’t sense your card’s chip, that will improve as Visa and MasterCard roll out software updates that cut the chip-processing time down to a few seconds.
But — yes, you’ve read this before — this upgrade will take time. Visa’s “Quick Chip,” for instance, is only in use at a single chain of grocery stores in California and Oregon, although the company expects other merchants to deploy the update before the holiday season.
But eventually, it will get done. And we can go back to complaining about a far more notorious cause of checkout lag: The person in front of you who insists on paying with a check.
More from Rob:
- Here’s the cybersecurity debate Clinton and Trump should have had
- How HP’s decision to reject some ink cartridges reflects a much bigger problem
- How the government plans to make your self-driving car safer
- No, Ted Cruz, the US isn’t giving away the internet
- The EU’s new copy right reforms could change the internet
- Facebook outlines plans to insert ads into Live videos