U.S. credit card companies have set an October deadline for a switch to chip-enabled cards. Such cards come with embedded computer chips that make them far more difficult to clone, according to banks and card makers.
However, counterfeit cards account for only about 37 percent of credit card fraud, and the new technology is just as vulnerable as current swipe-card systems, security experts say. The changes will require U.S. consumers to switch out their old cards for new ones, and retailers will also need to upgrade their payment terminals. This will all come at a price tag of US$8.65 billion while only addressing a small range of security issues, Reuters reports.
The data on the new chip-enabled cards is stored on a computer chip, not a magnetic stripe, with customers able to use the cards by punching in a four-digit personal identification number instead of signing the screen. However, the U.S. does not plan to issue PIN codes and will continue requiring customers to sign their signatures at checkout.
Chips function like small computers by storing data, and processing that information when communicating with a card reader. The chip itself is devoid of a power source, but will function when in contact with a checkout terminal. This means card readers do not have to be connected to a phone or Internet line to process a charge. They can simply work offline and process the charge using the chip alone, before authorizing the charges in bulk later on.
Reuters reports security experts say the technology still leaves data unprotected at three key points: When it enters a payment terminal, when it is transmitted through a processor, and when it is stored in a retailer’s information systems. The new cards also do not protect against data being stolen during online transactions.