Retailers Have Chip-Enabled Card Readers, Aren’t Actually Turning Them On

If you’ve received a shiny new chip-enabled card from your bank or credit card company in recent months, then you’ve probably been through this at least once. You see that a store has the slot for your card, so you assume that the store actually accepts them. Silly shopper! The terminal tells you to swipe the magnetic stripe instead.

According to the CEO of Visa during a recent earnings call, only about 17% of the company’s transactions use the more secure system. The terminals themselves are out there but not activated at some retailers, and others haven’t installed them at all. Why is that?

The liability shift, when credit card fraud became the responsibility of retailers instead of banks if they didn’t have their chip card systems running, already happened on October 1, 2015. If a customer’s bank hasn’t issued them a chip card yet, then the bank is liable for the cost of any fraud that happens. Yet shoppers who have the cards don’t have many places to use them.

While it’s good that customers using the new cards didn’t slow down holiday season checkouts, as some experts anticipated, experts and law enforcement would rather see the more secure cards used more often.

Security reporter Brian Krebs, the person who usually breaks any stories about large credit card breaches, ATM skimmers, and other terrifying bits of mundane cybercrime, wondered about this, since it’s now four and a half months past the liability shift deadline, and local merchants were still asking him to swipe payment cards. Even on payment terminals that had chip readers.

Lots of smaller businesses don’t even have terminals installed to accept chip card payments, though. Why wouldn’t they want to? Payments consultant Allen Weinberg speculates that it’s because small, local businesses:

  • don’t think they’re at significant risk of fraud
  • weren’t aware that the shift to chip cards was coming, or simply weren’t ready to upgrade their equipment
  • don’t want to be the ones responsible for teaching everyone in their community how to use the new cards, or don’t want to force their front-line staff to.

Those are all plausible enough reasons. Yet Weinberg pointed out to Krebs that for most merchants, it will take only one really bad instance of fraud or malicious chargeback for them to “get religion,” as he says, and upgrade their terminals. Then we’ll all be able to use our cards with computer chips in them and join the rest of the world in the 21st century.

Was this helpful? We’re a non-profit! You can get more stories like this in our twice weekly ad-free newsletter! Click here to sign up.

The Great EMV Fake-Out: No Chip For You! [Krebs on Security]
Fake Out – You Can’t Put Your Card in that EMV Slot [Payments View]

Read Comments4

Edit Your Comment

  1. ReverendTed57 says:

    We’re a small retailer. Our merchant services provider was very proactive about letting us know the liability shift was coming, and then offered to cover our liability when the EMV-capable terminal they recommended in August 2015 wasn’t actually ready for the software upgrade until December 2015. So, we had an EMV-capable terminal but couldn’t have used the chip reader for a few months even if we wanted to.
    We scan customers cards for them (in view of the customer), and training the staff took all of three minutes. “If it has a chip, stick it in here and leave it in until it tells you to take it out.”
    It does seem to take a little longer to process the transaction, though.

  2. pigscanfly says:

    If a customer’s chipped-card is stolen and used in a swipe only terminal at a merchant who didn’t upgrade, is the customer still protected against loss by the bank/card issuer or the small merchant?

    • ReverendTed57 says:

      Fraud liability hasn’t changed on the consumer end. If a retailer isn’t using EMV technology on EMV-enabled cards, then the retailer becomes liable for the fraudulent charge, rather than the card issuer, even if they were following best practices otherwise (verifying signatures, etc).

  3. skpurdy says:

    It’s not just small retailers that don’t have these yet. Our local Publix stores and Costco aren’t using these yet. I don’t understand why.