Every credit card holder in America knows the "swipe and sign" checkout ritual. Line up the magnetic stripe, swipe the card, press "OK" for the amount to be charged, and then sign your illegible scrawl on the screen. The swipe and sign system is so common in U.S. that American travelers are often shocked to learn that almost no other country still does it this way. The international standard for credit card security is called "chip and PIN," and it's now in American wallets.
With chip and PIN cards, the credit card data is stored on a tiny computer chip — not a magnetic stripe — and customers punch in a four-digit PIN (personal identification number) instead of signing the screen.
Chip and PIN credit cards made headlines in the U.S. in December 2013 when hackers stole credit and debit card information from 40 million Target customers, and the names and e-mail addresses of 70 million more [source: Harris]. The craft store Michaels and retailer Neiman Marcus were also victims of massive data breaches. Security experts believe hackers remotely installed malware on the companies' checkout machines that stole credit card data each time a customer swiped a card [source: Hu].
In the wake of the data breach, Target pledged to switch its store-branded credit and debit cards to the new chip and PIN technology [source: Harris]. Visa and Mastercard announced similar plans to switch from magnetic stripes to chip and PIN by October 2015 [source: Gara].
What will the credit card switch mean for the average American consumer? Are chip and PIN cards really more secure than magnetic stripes? And what if you want a chip and PIN card now? Do American stores even accept them?
Let's start with a quick history of chip and PIN technology and how it really works.
What Are Chip and PIN Credit Cards?
Chip and PIN credit cards represent a significant technological upgrade to the traditional magnetic stripe credit cards. Instead of embedding credit card numbers and card holder information in a magnetic stripe, all data is contained within a tiny computer chip built into the card.
Chip and PIN technology has been around since 1984, when French banks began testing chip-based cards. In 1996, the world's leading credit card companies collaborated to create a new, more secure standard based on the French technology In the industry, chip and PIN cards are called EMV cards, an acronym standing for Europay, MasterCard and Visa, the three credit card companies that developed the first international technological specifications for chip and PIN cards [source: EMVCo].
The computer chip inside a chip and PIN card functions like a small computer. Not only can the chip store data, but it's also a data processor. One of the reasons why chip and PIN cards are so secure is that the chip uses cryptography to protect secure data when communicating with a card reader [source: EMVCo]. The chip itself has no power source, but it leaps into action when it comes in contact with a checkout terminal.
The most common way to use a chip and PIN card is to insert the end of the card into a slot on a card reader. Depending on the type of terminal, you will then either enter a four-digit PIN or sign a printed receipt. There are also so-called "contactless" checkout terminals where you simply hold the card near the reader to activate the chip. The same chip technology is being used in mobile phones to enable on-the-go mobile payments.
One of the benefits of chip and PIN technology is that the card reader does not have to be connected to a phone or Internet line to process the charge. With magnetic stripe cards, the card reader must "talk" with the credit card company before authorizing the charge. (In the old days, cashiers would call in the charge over the phone.) In places with slow telephony networks, chip and PIN terminals can work offline, processing the charge using the chip alone and then authorizing the charges in bulk at the end of the day [source: Gara].
Now, let's take a closer look at the credit card fraud problem and how chip and PIN cuts back on theft.
Chip and PIN Credit Cards and Security
The Target data breach during the 2013 holiday shopping season was the largest incident of credit card theft and fraud in the history of retail. The hackers — who were never caught — got their hands on the personal data of millions of Target customers [source: Floum]. It served as a wake-up call to corporate America about the costs of credit card fraud, both to their bottom line and their reputation.
American consumers account for a quarter of credit card purchases worldwide, but are the victims of 50 percent of the world's credit card fraud [source: Floum]. The rate in the U.S. has doubled since the early 2000s as chip and PIN cards spread across Europe [source: Schneider].
As the Target hackers demonstrated, data encoded in old-school magnetic-stripe technology is relatively easy to steal. Magnetic-stripe credit cards are also much easier to counterfeit than chip and PIN varieties. And magnetic-stripe cards offer almost no protection against the most basic kind of identity theft: stealing someone's wallet or purse. Since magnetic stripe cards require no PIN, a thief can simply scrawl a bogus signature — does your "digital" signature look anything like your real one? — and walk away.
The biggest reason chip and PIN cards are more secure than magnetic stripe cards is because they require a four-digit PIN for authorization. That's the easiest way to know that the cardholder is the real owner of the card. Also, since all data and communications are protected by cryptography, that makes chip and PIN cards infinitely more difficult to hack.
However, neither magnetic stripe nor chip and PIN cards offer much protection against fraudulent online purchases. In fact, in the U.K., while in-store credit card fraud has declined greatly, fraud from credit card use over the phone or Internet has exploded [source: Bell].
In Western Europe, more than 80 percent of all credit cards feature chip and PIN technology, and 99.9 percent of card readers are equipped to read them. In Canada and Latin America, the adoption rate of chip and PIN cards is about 54 percent [source: EVMCo]. The U.S. has resisted the switch, making American consumers and their credit cards the "low-hanging fruit" for hackers. But not any longer.
Chip and PIN in America
Why is the United States one of the last countries in the world to adopt chip and PIN credit cards? First of all, America has a strong telecommunications infrastructure, making it easy to instantly authorize purchases made with a magnetic-stripe card, so offline capability is not so attractive. Second, credit card fraud was historically concentrated in other countries, which made them more eager to embrace chip and PIN technology.
Finally, it will cost American retailers and banks around $8 billion to make the switch, between upgrading the credit cards themselves as well as the readers used in retail establishments [source: Schneider]. (It costs around $2 to produce and distribute a magnetic card and $15-$20 to produce and distribute a chip and PIN card [source: Bell].) And, the credit card market in the U.S. is so large and complex — more than 15,000 American banks issue cards — that it's more difficult to implement widespread changes than in countries with a more centralized banking and credit system [source: Ghahremani].
But, high-profile attacks like Target's and the rising concentration of credit card fraud in the U.S. have changed minds. America's largest two credit card companies, Visa and MasterCard, have a roadmap in place for switching over to chip and PIN credit cards by October 2015. Visa and MasterCard won't force banks and merchants to issue the new cards, but they will hold them liable for fraud that occurs with older, magnetic-stripe cards [source: Gara]. In preparation for the switch, large retailers like Wal-Mart and Target have already invested in checkout terminals that can process chip and PIN cards [source: Schneider].
For lots more information on how credit cards work, how to avoid identity theft, and tips for traveling abroad, check out the related HowStuffWorks articles on the next page.
Author's Note: How Chip and PIN Credit Cards Work
The world is such a different place than when I first traveled abroad 20 years ago. Back then, ATM machines were still a relatively new luxury in many countries and the foreign transaction fees for ATM withdrawals and credit card purchases were through the roof. Most international travelers still relied on traveler's checks, which offered protection from loss or theft, but still had to be cashed in for the local currency. It's good to see that U.S. banks are finally catching up with a technology that's already standard abroad. It will make it even easier for Americans to travel without the hassle of making currency conversions or fumbling with an unmanned ticket kiosk at a train station that doesn't recognize our out-of-date magnetic-stripe cards. If the technology switch works, maybe we can even start talking about the metric system. Nah!
- Bell, Claes. "Are Chip and PIN cards coming?" Bankrate.com. (May 14, 2014) http://www.bankrate.com/finance/credit-cards/are-chip-and-pin-credit-cards-coming-1.aspx
- Credit Card Forum. "Chip and PIN credit cards in the USA for 2014?" March 17, 2014. (May 9, 2014) http://creditcardforum.com/blog/chip and PIN-credit-cards-usa/
- EMVCo. "A Guide to EMV." May 2011. (May 9, 2014) http://www.emvco.com/best_practices.aspx?id=217
- Floum, Jessica. "Consumers' online information needs better protection, Senate committee says." United Press International. Feb. 5, 2014 (May 9, 2014) http://www.upi.com/Top_News/US/2014/02/05/Consumers-online-information-needs-better-protection-Senate-committee-says/8461391552898/
- Gara, Tom. "October 2015: The End of the Swipe-and-Sign Credit Card." The Wall Street Journal. Feb. 6, 2014. (May 9, 2014) http://blogs.wsj.com/corporate-intelligence/2014/02/06/october-2015-the-end-of-the-swipe-and-sign-credit-card/
- Ghahremani, Yasmin. "American travelers' 2012 guide to chip and PIN cards." CreditCards.com. June 21, 2012. (May 9, 2014) http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php
- Harris, Elizabeth; and Perlroth, Nicole. "Target Missed Signs of Data Breach." The New York Times. March 13, 2014. (May 9, 2014) http://www.nytimes.com/2014/03/14/business/target-missed-signs-of-a-data-breach.html
- Hu, Elise. "Analysts: Credit Card Hacking Goes Much Further Than Target." All Tech Considered. Jan. 17, 2014. (May 9, 2014) http://www.npr.org/blogs/alltechconsidered/2014/01/17/263375116/analysts-credit-card-hacking-goes-much-further-than-target
- Kiernan, John. "Chip and PIN vs. Chip-and-Signature." CardHub (May 9, 2014) http://www.cardhub.com/edu/chip and PIN-vs-chip-and-signature/
- Schneider, Howard; Tsukayama, Hayley; and Jayakumar, Anrita. "U.S. credit cards, chipless and magnetized, lure global fraudsters." The Washington Post. Jan. 21, 2014. (May 9, 2014) http://www.washingtonpost.com/business/economy/us-credit-cards-chipless-and-magnetized-lure-global-fraudsters/2014/01/21/6edd171e-7df3-11e3-9556-4a4bf7bcbd84_story.html