By Matt Schulz, Senior Industry Analyst for CreditCards.com
Call it chip-and-meh.
This weekend, a shiny little technological marvel appeared in my mailbox. It's my new-and-improved Delta SkyMiles American Express card.
How is it improved? It has an EMV chip.
These chips -- which store your data and replace the card's traditional magnetic stripe -- make it harder for hackers to make a counterfeit copy of your credit card if they steal your account information. The chips generate a unique code for every transaction so if fraudsters steal data from a retailer, they won't be able to use that information to make future purchases. And the chips have become the standard in most of the credit-card-accepting world, leaving the United States as the only major economy that still relies on magnetic stripes.
In these post-Target-breach days of heightened worry about credit card fraud, the arrival of EMV (which stands for Europay, MasterCard and Visa -- the card companies that spurred its creation) in America is a big deal. After all, about half of the world's credit card fraud reportedly happens in the U.S., due in large part to our preference for mag stripe cards.
With that in mind, many credit card issuers have begun sending out EMV-chip-enabled cards to people like me with letters that talk about the extra levels of security that these cards provide. In June, Sam's Club became the latest to boast of its new chip-bearing card.
So this is great news, right?
Let me explain ...
Say I take my little boy to the local sporting goods store to get a new baseball bat. We find one that looks cool, of course, and is the right size. Then he takes a few test swings, and we go pay for it.
I pull out my card and -- unsurprisingly -- see that the card reader isn't chip-enabled. (How can you tell? A chip-enabled reader has a slot into which you insert the card, like what you might see at an ATM. If you don't see one, then the terminal's not chip-enabled.) Knowing that, I swipe my card the same way I have for years, sign and walk away, ready to help my son break in his new bat. I'm able to swipe because my new AmEx chip card still comes with a magnetic stripe on the back.
So I've got the best of both worlds, right? I've got the convenience of a mag stripe and the protection of a chip card.
The problem is that because I swiped the card to make the purchase, the chip never came into play. All of the positive things that it can do remained undone. I may as well have had my old card.
That brings me to the dirty little secret of chip cards: They're awesome fraud fighters when you can use them to the fullest -- but that's pretty much impossible in America right now.
Sure, it is great that the card's chip makes it much harder to counterfeit. That is a significant step in fraud protection and shouldn't be ignored. I also understand the technology has its detractors and flaws: For example, it costs a fortune to put in place yet it doesn't really deter "card-not-present" fraud -- fraud done by folks who don't actually possess the physical card.
However, chip technology remains a powerful anti-fraud tool. Now American banks and merchants need to unleash it in full.
Here's what I mean ...
1. Get chip-card readers in stores.
Chip cards aren't any good if most places won't accept them, and that's where we are now in the U.S.
Within the next two to five years, chip-enabled card readers will be everywhere in America. That's because Visa, MasterCard, Discover and American Express have told merchants that if they haven't upgraded their equipment to read chip cards by October 1, 2015, they will be fully liable for their losses in any data breaches.
That move, plus high-profile data breaches like Target, lit a fire under merchants to update their point-of-sale terminals. But it won't happen overnight. Until then, very few merchants -- Walmart being one huge exception -- can read your chip cards. And if your chip card can't be read, then it can't generate a unique code with each transaction, thus negating one of the major benefits of the chip-enabled card.
2. Forget chip-and-signature; give us chip-and-PIN.
While most chip cards around the world are of the chip-and-PIN variety, the vast majority of chip-enabled cards produced in the U.S. (mine included) are chip-and-signature cards. There's no PIN involved. You sign for your purchase, as you always have, with your mag stripe.
That's changing. Barclays recently announced that a chip-and-PIN version of their Barclaycard Arrival Plus World Elite MasterCard is now available. USAA offers chip-and-PIN cards today, but you have to specifically request them. Chase has announced it will start issuing chip-and-PIN cards later in 2014 and Target will start issuing chip-and-PIN cards in early 2015. But it's a slow change at best, and that's a shame.
Putting a chip in a card without also attaching a PIN to it is a wasted opportunity.
Why? It's much easier to forge someone's signature than to hack their PIN. The PIN and the security that it offers are really the key to making all of this work most effectively. (Credit card fraud in the United Kingdom famously fell by more than a third after chip-and-PIN was implemented.)
In short, American Express and other banks are taking baby steps toward new fraud-prevention technology when what is needed is a full-out sprint.
While I understand that many of the steps toward full-scale chip-and-PIN implementation are out of banks' control and must be taken by merchants and others, I'm looking forward to the day when I can break out a chip-and-PIN card to pay for anything, anywhere. That's when we'll begin to see just how powerful a fraud-prevention tool this technology can be.
Until then, meh.
Fraudsters feigned interest in lonely online romance seekers to rob victims of about $50 million last year.
Phony debt collection agencies have pressured victims into giving up millions of dollars. The Federal Trade Commission recently closed down two California-based companies with call centers in India after they defrauded Americans out of $5 million over the past two years.
Craigslist and eBay are a playground for scammers. Consumers have sent payments to places like Nigeria for items advertised online only to discover they have been scammed. Last year, Romanians pretending to be U.S. citizens put fake ads for pricey items on eBay and Craigslist, defrauding Americans out of more than $100 million.
Canadian police arrested a man who tried to take a $70,000 processing fee from an elderly Californian woman who believed she was going to win a $7.5 million lottery prize in April. More recently, eight Jamaican swindlers accused of duping Americans in lottery scams were also arrested.
Fake charity organizations come out of the woodwork to exploit the generosity of others, especially during times of disaster. Most recently, an organization that claims to help disabled veterans called Disabled Veterans National Foundation (DVNF) took millions of dollars from donors without spending the money on veterans.
Scammers targeting struggling homeowners have offered false services to help with mortgage settlements. Mortgage foreclosure scams have shot up 60 percent in 2012 as new federal programs for mortgages have provided avenues for fraudsters to exploit.
Scam complaints related to travelling surged right before spring break last year. Crooks defrauded grandparents out of money when their grandchildren were travelling abroad. The scammers, who find out about the travel plans from places like social media sites, pretend to be the grandchild asking for wire transfers on the phone. The scams have involved scammers pretending in an email to be a victim's travelling relative who has recently been mugged or has lost their passport.
Although there isn't much data on how often it occurs, food scams can pose a tremendous health risk. The chances of dilution and counterfeiting increase when food is imported from other countries, and some foods like fish and olive oil are particularly prone to adulteration.
Scammers have sold drugs to online consumers and then posed as government agents asking the buyers to pay money to avoid jail time. A Texas woman killed herself after being caught up in one of these drug schemes.
Credit card breaches allow fraudsters to make charges on other peoples' cards after getting a hold of numbers. Global Payments Inc., a third party payment processing service for MasterCard and Visa, made headlines in April for reporting that over a million card numbers had been compromised from their system, according to CNET.
Follow CreditCards.com on Twitter: www.twitter.com/CreditCardsCom