why do some credit cards have chips

Timing was part of what slowed things down. The October liability transition coincided with the start of the holiday shopping season, and pundits agree that retailers were wary of implementing a large systemic change during their busiest season. Additionally, some stores have purchased new payment terminals but still don t accept chip transactions. You ve probably encountered a cashier at least once who said,
No, we don t use chips yet, just swipe, when you tried to dip your card. It s noticeable because hundreds of millions of cards have now been replaced, and the vast majority of consumers have chip cards in hand. But the EMV Migration Forum in March that U. S. stores have about 5 million chip-enabled terminals even though, as Visa and the Forum both point out, only a little more than 1 million have started actually accepting EMV transactions.


This means you re much more likely to encounter a terminal that looks like it can accept chip cards rather than one that actually can. Computer researchers claim to have found yet another flaw in the upgrade to the chip-based credit cards in the United States. The chip on these credit cards have been praised for making them nearly impossible to counterfeit. While the cards also contain a magnetic strip, that strip is supposed to tell the payment machine to use the chip.


But there's a relatively easy way to knock down that safeguard. Computer security researchers at the payment technology company NCR demonstrated how credit card thieves can rewrite the magnetic stripe code to make it appear like a chipless card again. This allows them to keep counterfeiting -- just like they did before the nationwide switch to chip cards. They presented their findings at the Black Hat computer security conference on Wednesday. This claim of a glaring hole in EMV, the chip-based system, is possible because of the way many retailers are upgrading their payment machines: They're not encrypting the transaction. "There's a common misperception EMV solves everything.


It doesn't," Patrick Watson, one of the researchers, told CNNMoney. On Thursday, a banking and retail industry group that monitors the EMV system cast doubt on the theory. "If the data on the magnetic stripe is altered it might fool the terminal," said U. S. Payments Forum director Randy Vanderhoof. But on the back end, the system would "reject the transaction. " But the discovery of this possible flaw bolsters the retail industry's complaints against the upgrade, which was forced upon shops by banks. The National Retail Federation has long complained about the upgrade, which is estimated to cost American retailers $25 billion.


This latest research shows that retailers could spend millions of dollars upgrading to EMV and still not protect their customers from a massive credit card theft like the Target and Home Depot hacks two years ago. Adding to the problem, payment terminal makers keep producing machines that don't have the encryption by default. And vendors who sell and install these machines at shops don't simply flip the switch and turn on encryption. Retailers have to pay extra for basic security. The major machine makers, Verifone and Ingenico, both asserted they offer point-to-point encryption on retailer's machines -- but it's up to retailers and their partners to turn it on.


Currently, retailers focus on protecting the computer network that support their payment system. But that leaves the actual conversation between your credit card and the machine in plain text, readable to any hacker who breaks into the system. It's a mistake, said Mike Weber, vice president at the IT auditing firm Coalfire. "They're assuming the environment is okay," he said. It's not. During their presentation, the NCR researchers advised shops to "encrypt everything" in a transaction. They also said consumers should pay with special apps on their phones and watches whenever the high tech option is available.