Data Doctors: Chip-and-PIN is coming, but it’s not here yet

WASHINGTON – A reader asks about chip-and-PIN credit cards:

Q: Is there a way for me to make a chip-and-PIN credit card usable only in a chip-and-PIN reader by disabling the magnetic stripe?

A: Chip and PIN refers to the EMV (Europay, MasterCard and Visa) “smart card” that has been adopted in many countries around the world to improve security on credit cards.

“Chip” refers to a computer chip embedded in the card (usually a small metallic square); PIN refers to a personal identification number you would set up to work with the card.

The process is very much like when you use your debit card to make purchases now, but it’s a whole lot more secure.

The current standard in the U.S. is the magnetic stripe, which contains everything necessary for a thief to replicate the card and sell it. That’s why you keep hearing about so many high-profile data breaches and skimming scams in this country.

Hackers have been targeting POS (point-of-sale) systems at major retailers because they want to steal the information necessary for “cloning” credit cards. The same holds true for skimming scams, where a fake credit card reader is used to swipe the magnetic information on a card, so it can be reproduced.

The EMV process would make these types of hacks pretty useless, because each embedded chip is uniquely encrypted for a specific card and requires the associated PIN, which is not stored on the card.

Unlike magstripe cards, every time an EMV card is used for payment, the chip creates a unique transaction code that cannot be used again.

If a hacker steals the chip information from a specific transaction, card duplication wouldn’t work because the one-time transaction number created for that purchase wouldn’t be usable again.
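A simplified model of the one-time transaction code described above, added here as an illustration and not taken from the column or from the EMV specification. HMAC-SHA256 and a plain counter stand in for the chip's real cryptography, and every name and value (ChipCard, Issuer, the key, the card number) is constructed for the example.

```python
import hashlib
import hmac

def transaction_code(key, pan, counter, amount_cents, nonce):
    """MAC over the card number, the card's counter and the purchase details."""
    msg = f"{pan}|{counter}|{amount_cents}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ChipCard:
    """Card side: a secret key that never leaves the chip, plus a counter."""
    def __init__(self, pan, key):
        self.pan, self._key, self._counter = pan, key, 0

    def pay(self, amount_cents, nonce):
        self._counter += 1  # every purchase uses a new counter value
        code = transaction_code(self._key, self.pan, self._counter, amount_cents, nonce)
        return {"pan": self.pan, "counter": self._counter,
                "amount": amount_cents, "nonce": nonce, "code": code}

class Issuer:
    """Bank side: knows each card's key and the highest counter already seen."""
    def __init__(self):
        self._keys, self._seen = {}, {}

    def enroll(self, pan, key):
        self._keys[pan], self._seen[pan] = key, 0

    def verify(self, txn):
        key = self._keys.get(txn["pan"])
        if key is None:
            return "unknown card"
        expected = transaction_code(key, txn["pan"], txn["counter"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "bad code"
        if txn["counter"] <= self._seen[txn["pan"]]:
            return "replayed"  # this code was already spent
        self._seen[txn["pan"]] = txn["counter"]
        return "approved"

def demo():
    key, pan = b"constructed-demo-key", "0000000000000000"  # constructed values
    card, issuer = ChipCard(pan, key), Issuer()
    issuer.enroll(pan, key)
    purchase = card.pay(2500, "terminal-nonce-1")
    stolen = dict(purchase)                  # copy captured from a breached POS
    altered = dict(purchase, amount=999900)  # same code, different amount
    return [issuer.verify(purchase), issuer.verify(stolen), issuer.verify(altered)]

if __name__ == "__main__":
    print(demo())
```

The genuine purchase is approved once; the captured copy is refused as a replay, and changing the amount invalidates the code.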

The U.S. is far behind in adopting this higher security standard (even North Korea is ahead of us!), primarily because of the cost to card issuers and merchants, but that’s about to change.

The industry has mandated that retailers install chip and PIN-compatible card readers by Oct. 1, 2015. Retailers that don’t will be held liable for any fraudulent charges resulting from accepting payments through a magnetic card reader.

This is a huge shift in liability for anyone who accepts credit cards in their business and should not be ignored.

If you travel to many other parts of the world and you don’t have a chipped card, you’re pretty much out of luck — mag-stripe readers don’t exist there anymore.

But, in the U.S., it’s still pretty rare to find retailers that are allowing you to make a purchase using the chip readers at the moment.

If you pay close attention to the credit card terminals in your grocery store or large retailer, you’ll likely see the chip reader slot at the bottom of the terminal, but if you ask to use it, they’ll often tell you that it hasn’t been activated yet.

As far as making your card only usable on EMV terminals, that would make it pretty useless until later this year, so don’t go rubbing a magnet on the magnetic stripe.

There’s no additional financial exposure to you as a consumer by swiping your card — just the hassle of replacing it when someone you do business with gets breached.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question you have on his Facebook page.
