U.S. banks, tired of spending billions each year to pay back fleeced consumers, are in the process of replacing tens of millions of old magnetic strip credit and debit cards with new cards that are equipped with computer chips that store account data more securely.
By autumn, millions of Americans will have made the switch from the old magnetic strip cards. That 50-year-old technology, replaced in most of world, lingers on the back of U.S. cards and is easily copied by thieves, leaving people vulnerable to fraud. Roughly half of all credit card fraud happens in the U.S. even though the country only makes up roughly 25 percent of all credit card transactions, according to a report by Barclays put out last week.
This entire switch is a massive undertaking. Roughly half of all U.S. credit and debit cards will be replaced by the end of the year. Tens of thousands of individual merchants need to upgrade their equipment to allow for chip transactions instead of "swipe-and-sign" ones. If the stores aren't ready, they could be on the hook to cover the cost of fraud.
The biggest difference between the magnetic card and the smart card is the metal chip embedded on the front, which means personal data is much safer. The chip assigns a unique code for every transaction made on the card. Even if a thief acquired that code, it couldn't be used to make another purchase.
Chip cards are also harder to duplicate, although it's not unheard of. Overall, the chip cards are more secure than magnetic cards, which are vulnerable because once thieves get a copy of a credit card information, it can be quickly copied onto counterfeit cards.
Chip cards have been common in Europe for more than decade, and they've been standard in other parts of the world for some time.
"The chip technology is designed to prevent copying of the card," says Ellen Richey, vice chairman of risk and public policy at Visa.
In the U.S, chips-embedded cards have seen limited use until now. Laundromats, for instance, are one place chip-reading cards are being used.
At this point, the majority of magnetic-stripe credit cards have been replaced with chip cards. Banks are in the middle of issuing chip-based debit cards, with Bank of America starting late last year and Chase and Citi starting this summer. Regional and smaller banks are also rolling out these cards to their customers, most of them starting later this year.
All chip cards also come with a magnetic strip in case chip readers aren't available. However, if a merchant does accept chip cards for purchases, it's a must to use that option as it's more secure.
The change is mostly coming from banks and payment processing companies Visa, MasterCard and American Express. Banks have wanted a more secure form of payment because they have generally been on the hook for any fraud that happens on their cards. Originally the banks were relying on their own software and data from the payment networks to catch fraud at the point of sale in the U.S., but it became clear something more was needed, Richey said. Banks, particularly small banks, would often pay out of pocket to cover any fraud that happened on their customers' payment cards. The American Bankers Association estimated that bank account fraud cost the industry $1.74 billion in 2012, the most year the data is available.
The payment networks have set a soft deadline of October 1, 2015 for the switchover to be made. After that date, most merchants who continue to accept magnetic strip cards and have not upgraded their equipment could have to pay for any credit or debit card fraud that happens in their stores. The "liability shift," as it's called, presents a looming deadline for the banks, payment companies and merchants.
The type of card being rolled out in the U.S. will still need a signature while paying for something. Eventually what will be used in the U.S. is what's used in the rest of the world, known as "chip and PIN." Security experts believe this is a very safe way to pay for things. Signing for a credit card purchase provide near-zero security since signatures vary and are rarely checked.