Have you been issued a new EMV chip card yet? It's called "chip-and-PIN" technology, and it's been in Europe and Australia for a while, but now it's coming to America. But will it actually make us safer? Or is it too little, too late?
First, let's define the terminology. EMV is an acronym for the first three companies that developed the technology in these credit cards: Europay, MasterCard and Visa. "Chip-and-PIN" means the card has a microchip that creates a single-transaction code instead of your card number during an in-person transaction, and also requires you to enter a personal identification number (PIN).
Theoretically, the microchip's ability to generate single-transaction codes keeps your card number safe from thieves if there's a data breach where you've used the EMV card. And the PIN ensures that someone can't just steal your card and use it - in an in-person transaction, that is.
Here's the primary issue with the EMV cards: chip-and-PIN technology does nothing to protect you from fraud if the perpetrator uses your card number and expiration date on the phone or online. These are known as "card not present," or CNP, transactions, and CNP fraud has actually increased in Europe after the adoption of EMV cards.
In the U.S., merchants have been slow to adopt EMV technology, because the cards are not yet ubiquitous. We're still swiping the magnetic strip and signing credit card slips, for the most part. And in many cases, even if a merchant has an updated card reader, we're still signing instead of using a PIN (this is known as "chip-and-signature").
This should be changing soon. From October 1 of this year on, if fraud occurs because a merchant doesn't have the equipment to process EMV cards, the merchant, rather than the issuing bank, will be responsible for reimbursing you. And if the merchant does have EMV capable equipment, but the issuing bank hasn't given you an EMV card, the bank is responsible. Hence banks and merchants alike have a strong incentive to come up to speed with the new technology.
You're still going to be susceptible to "card not present" fraud until the credit card companies come up with a new idea to fight it. They've had plenty of time - EMV cards were adopted in Europe in the 2000s, so although we're just getting them here in the U.S., it's not exactly new technology.
What's your experience been with EMV cards? Let us know in the comments below. And keep up to date with the latest news about how to protect yourself from fraud, hacks and data breaches by regularly checking our Happening Now page.