Just how safe is your new chip-enabled credit card?
Even though Americans are just getting their hands on new chip-enabled cards, the FBI has a message for consumers: criminals are still going to be targeting you and your new plastic.
The warning may come as a surprise to some Americans given that the EMV cards (short for Europay, MasterCard and Visa) are touted as using technology that can thwart fraudsters. And, while the cards do offer an edge over the older swipe-type of cards, there are still plenty of ways that criminals can continue to steal information and wrack up fraudulent charges, according to the FBI.
The message is one that the National Retail Federation, a lobbying group for American retailers, has sought to get across to consumers and lawmakers. The NRF last week noted that while the new cards create some roadblocks to criminals, they can't prevent numbers from being stolen and then used online to make fraudulent charges. The problem, according to the NRF, is that the cards don't go far enough because they don't require consumers to enter a PIN number, which would make it more difficult for fraudsters to make charges once they obtained the card numbers.
The problem, in the FBI's view, is that while a chip card is an improvement, it "does not stop lost and stolen cards from being used in stores, or for online or telephone purchases when the chip is not physically provided to the merchant."
"Additionally, the data on the magnetic strip of an EMV card can still be stolen if the merchant has not upgraded to an EMV terminal and it becomes infected with data-capturing malware," the agency noted.
Given that fewer than one-third of business owners said they'd be ready for the Oct. 1 shift to the new cards, it's likely that consumers are still using the magnetic strip when making store purchases. At one recent visit to a J.C. Penney, a store clerk was unaware of the switch to the new cards, and told this writer to swipe her card rather than use the slot for her EMV-enabled card.
EMV cards are more secure than the old-style cards because retailers and card processors don't store the card data in their systems. It's a popular system in Europe, where credit-card fraud has declined sharply since the introduction of chip-enabled cards there.
But there's a crucial difference in how European and American consumers use the cards. Overseas, consumers enter a PIN number when making a credit-card purchase, adding one more layer of security. In America, the chip-enabled cards only require a signature.
Because of those issues, and the fact that criminals never take a day off, security experts continue to urge consumers to monitor their credit card statements for unauthorized charges, and to take advantage of text-based alerts about big charges and account balances, which can help consumers catch fraudulent activity right away.
Interestingly, the FBI issued the alert last week, but pulled it a day later after U.S. banks expressed concerns about the warning, according to ComputerWorld. The American Bankers Association told the publication, "We thought it was not really reflective of the U.S marketplace." The FBI warning was still posted by the agency's San Diego division, however.
The security concerns don't mean that the cards are riskier than the old cards, of course. The message that the FBI and security experts want to get across to consumers is that they should use the chip-enabled slots on new EMV card readers, if a retailer has them installed, and monitor their accounts as they would have done with their older cards.
As the FBI put it, "No one technology eliminates fraud, and cybercriminals will continue to look for opportunities to steal payment information."