If you don’t have one already, you will soon: banks will issue nearly 600 million new credit cards embedded with chips by the end of 2015. They say the cards will cut down on fraud that is costing companies billions of dollars every year.
Consumer expert Amy Davis looked into how the new cards will work and if they’re really as secure as some say.
Target, Home Depot, Neiman Marcus — thieves have hacked into payment systems at major retailers, stealing credit card information from millions of customers. Billions of dollars later in refunds and reissuing cards, the industry’s answer is chip-enabled credit cards.
“Cloning the chips will be hard,” said Chris Bronc, a University of Houston computer security professor.
That’s the idea. About two out of every three fraudulent credit card charges are a result of a thief accessing your card information, then using it to make a counterfeit card and putting all of your account data right on the magnetic strip of the phoney one. But the chips don’t transmit your account information when you make a payment.
“When the chip card is being read by the terminal, the computer chip on the card is generating a unique one time code that changes with each transaction,” said Visa’s Stephanie Ericksen.
That one time code is useless for future transactions, even if hackers intercept it.
But Houstonian Michael Penix wanted to know how thieves got the information from two of his new chip credit cards when the cards never left his possession.
“In less than two months the information was compromised,” Penix told Davis.
Channel 2 Investigates obtained surveillance video of the suspected thief trying to use Penix’s card at a northeast side HEB. The store denied the charges; but a nearby Raceway gas station and Palais Royal accepted the fraudulent charges. So how did the man in the video get Penix’s account information if it’s so secure?
“That’s kind of a mystery I would like to figure out also,” Penix said.
“It’s typically because the mag stripe was used for that transaction at that merchant location that may not yet be able to read the chip on the card,” Ericksen said.
The new cards have a chip, but they still have the magnetic stripe that holds all the sensitive information a hacker needs. The majority of stores don’t even have the equipment to read the chips, so you’re still swiping and they’re still storing your data.
“There’s going to be a conversion period that may take a couple of years for all of the terminals to read a chip all of the time,” said Ericksen.
The first deadline is this October. If merchants don’t have the proper chip-reading terminals by then, they will be liable for fraudulent charges, not the bank. Every time your card company has to cancel your card and send a new one, creditcards.com says it costs the company about $3.50.
“Every time they send you a new card, they’ve lost,” Bronc said.
Really, we all have. But those in the industry said consumers won’t see a noticeable drop in counterfeit credit card fraud until about two years from now.
Bronc said new place credit card fraud is not likely to go down at all with the new chip cards is online. Anywhere you still have to type in your card number manually is a risky place to do business.