What's behind the chip card delays?
CHICAGO -- The I-Team from KABC-TV sister station WLS investigated a lapse in security concerning your credit and debit cards. The new chip technology was rolled-out nationwide last fall. So why are you still swiping your cards?
Banks, credit card companies and retailers want more protection for their customers and they want protection for themselves from the billions of dollars in fraudulent purchases created by criminals. But six months after the change-over began, consumers are still at risk, swiping their cards.
Smart-chip technology is replacing the magnetic strip to keep data safe but the transition has been slow. A recent study by Card Hub says 42 percent of retailers have terminals which aren't updated.
"I go and put my card in and they say, 'We're not ready for that' and I have to swipe," said Benito Olvera.
"I've noticed that a lot of the places do not have it so I think they should get on board," said Barb Jutala.
In 2014, $16 billion were stolen via credit cards with magnetic strips. Nearly all of those data compromises happened at the check-out terminal.
"With a mag stripe card, that info is available, it isn't encrypted, it doesn't change because it's static information, so once you get a hold of that information and have a lot of it, it's relatively easy to make counterfeit cards with it and ultimately fraudulent purchases," said Michael Petitti, Senior Vice President of Global Alliances for Trustwave.
Fraud is still just a swipe away thanks to skimming devices, like the one found at a Lombard gas station earlier in April. Skimmers steal data from magnetic strips. Smart-chip cards prevent data theft by creating a unique code for each purchase.
"The retail industry has done its job but it's the credit card industry that's dropped the ball. All of those machines that you see just sitting there swiping cards they are ready to go, we just need the card industry to flip the switch and turn them on," said J. Craig Shearman of the National Retail Federation.
That may be easier said than done given there are millions of merchants making the transition.
The group representing credit card companies and payment processors said they are on track to complete the certifying process five years from now, hitting all the major retailers first.
Adding to the delays, larger banks have upgraded to smart-chip technology in cards but according to CreditCards.com, a third of U.S. card holders still do not have the upgrade.
"I've heard estimates of five to seven years that we will still see mag stripes on the back of cards," said Kandie Alter of the Federal Reserve Bank Chicago.
Target took a big hit in 2014 when the 40 million card, data-breach caused the company's CEO and Executive Director of Technology to resign. They were one of the first retailers to get their store-issued smart-chip cards to their customers. Those cards also require the card holder to have a pin instead of a signature.
"It's actually quite a bit more secure than a chip and signature because a customer has to remember their pin and it's one added level of security on those cards so Target really went above what most retailers and card issuers are doing at this point," said Alter.
Most banks and credit cards have dropped that pin option. Critics said not using a four-digit PIN is like locking the front door and leaving your backdoor open. And security experts predict fraudsters will move to target online purchases, where credit card chips offer no protection.
According to Trustwave's just-released report, a third of all credit card breaches were through e-commerce.
