Retailers Have Chip-Enabled Card Readers, Aren’t Actually Turning Them On

If you’ve received a shiny new chip-enabled card from your bank or credit card company in recent months, then you’ve probably been through this at least once. You see that a store has the slot for your card, so you assume that the store actually accepts them. Silly shopper! The terminal tells you to swipe the magnetic stripe instead.

According to the CEO of Visa during a recent earnings call, only about 17% of the company’s transactions use the more secure system. The terminals themselves are out there but not activated at some retailers, and others haven’t installed them at all. Why is that?

The liability shift, when credit card fraud became the responsibility of retailers instead of banks if they didn’t have their chip card systems running, already happened on October 1, 2015. If a customer’s bank hasn’t issued them a chip card yet, then the bank is liable for the cost of any fraud that happens. Yet shoppers who have the cards don’t have many places to use them.

While it’s good that customers using the new cards didn’t slow down holiday season checkouts, as some experts anticipated, experts and law enforcement would rather see the more secure cards used more often.

Security reporter Brian Krebs, the person who usually breaks any stories about large credit card breaches, ATM skimmers, and other terrifying bits of mundane cybercrime, wondered about this, since it’s now four and a half months past the liability shift deadline, and local merchants were still asking him to swipe payment cards. Even on payment terminals that had chip readers.

Lots of smaller businesses don’t even have terminals installed to accept chip card payments, though. Why wouldn’t they want to? Payments consultant Allen Weinberg speculates that it’s because small, local businesses:

  • don’t think they’re at significant risk of fraud
  • weren’t aware that the shift to chip cards was coming, or simply weren’t ready to upgrade their equipment
  • don’t want to be the ones responsible for teaching everyone in their community how to use the new cards, or don’t want to force their front-line staff to.

Those are all plausible enough reasons. Yet Weinberg pointed out to Krebs that for most merchants, it will take only one really bad instance of fraud or malicious chargeback for them to “get religion,” as he says, and upgrade their terminals. Then we’ll all be able to use our cards with computer chips in them and join the rest of the world in the 21st century.

Was this helpful? We’re a non-profit! You can get more stories like this in our twice weekly ad-free newsletter! Click here to sign up.

The Great EMV Fake-Out: No Chip For You! [Krebs on Security]
Fake Out – You Can’t Put Your Card in that EMV Slot [Payments View]