Sunday, December 17, 2017

Keep an Eye On Your Chip!

Posted by Sharon August 1, 2016 5:38pm

Photo Credit: alicephoto

By: Sharon Geiger, Senior Quality Control and Review Specialist

By now, a lot of credit card and debit card companies in the U.S. have begun to issue cards with the new “chip” technology. Here’s a little background on the chip card technology and its unfolding in the U.S. 

The chip, which is a small, metallic square on the front of the card, stores the same basic information as the magnetic stripe on the back of the card. The chip also contains additional security components not found on the magnetic stripe.

Every time a chip credit or debit card is used in-store at a chip-activated terminal, a unique, one-time code is generated that is used to approve the transaction, which is supposed to provide an additional layer of security. The idea of this chip technology is to aid in reducing the possibilities of counterfeiting the card. Chip cards make it harder for hackers to make a counterfeit copy of your credit card if they steal your account information, and this is supposed to help reduce in-store fraud. However, based on my experience and research, I’m not quite sure that it is going to work as intended.

This week, I walked into a store to make a purchase. When I placed my card into the chip reader, an error message appeared on the screen, which indicated, “Chip Malfunction”. The store associate tried it again for me.  Same message. We tried swiping it instead. Same message. When I picked up my card again, I realized the reason for the error message: the chip was missing from my card.

This led me to a host of questions: How is it that this “new technology” is already having glitches? What would happen if someone else were to find my chip? Could someone glue my chip into his/her own card and use it? Who would be liable? Are people going to start producing chip card skimmers like they have on ATMs, which could pull the chips out of people’s cards at the terminals?

I called Chase Bank and spoke to them about the missing chip. After a long question-and-answer period, I came away with the following information:

  1. If someone were to find my chip, they could use it to create a fraudulent card, or even glue it into their own card and use it. It would be charged to my account. WOW!!! That got me thinking of even more questions. Who manufactures these chip cards if the chips can fall out so easily and into the wrong hands?
  2. Quite a few people have been calling to advise Chase that their chips are falling out as well. I was told that they apparently had a “bad batch” of cards that were issued where the glue was not set properly on the chips (up to this point I had no idea that GLUE is used to secure the chips onto the cards). I was told that Chase has subsequently switched manufacturers and has been receiving fewer complaints about the chips falling out. 
  3. Sometimes the chips fall out from normal “wear-and-tear”, such as taking the cards in and out of your wallet, and also from inserting and extracting the cards from the card readers.

As far as liability goes, on October 1, 2015, liability for fraudulent use of a chip card now falls on the company (i.e., store) that uses the less secure technology (swipe readers). If a bank issues a chip card, and a store has not upgraded to a chip-enabled reader, the store would be liable for the cost of any fraudulent transactions. On the other hand, if a bank has not issued chip cards yet, but the store has upgraded its reader, the bank would be liable for fraudulent transactions. However, in my case, being that the chip just plain fell out, liability is on Chase. 

Currently, debit cards require a PIN, while credit cards only require a signature (and sometimes a signature is only required in excess of a certain amount). Most U.S. chip cards are "chip and signature" rather than the European "chip and PIN" cards. Instead of entering a PIN on a machine to verify a purchase, you may be asked to sign a receipt just as you now do for swiped credit cards. However, in my case, the risk of fraudulent use could have been prevented if a PIN were required to make the purchase.

I received a new chip card in the mail that was attached to a formal letter. There is a section of the letter that reads, “The benefits of your new card! … The microchip embedded in your card [which is actually “glued” into my card] encrypts your data, providing enhanced security when used at a chip-enabled terminal. Combine that with continuous fraud monitoring and Visa Zero Liability, and your transactions are more secure than ever!”

How is this added security going to work across America if people’s chips are falling out? The good part is that if your chip falls out and you can’t find it, you can call the credit/debit card company and have them close the account and issue a new card with a new account number. 

Make sure you KEEP YOUR EYE ON YOUR CHIP. If you notice that it is missing from your card, call the credit/debit card company immediately to have the card cancelled. This will aid in the prevention of fraudulent use of your card information.  And if I can give you one last piece of advice, it would be that it might be worth it to find a credit card company that issues credit cards with the “chip and PIN” technology. I found this link to be helpful, which provides a listing of card companies that issue “chip and PIN” cards:

https://www.creditcardinsider.com/learn/chip-and-signature-chip-and-pin-emv-cards/#chip-and-pin-cards-in-the-united-states.

Keep your eye on your chip!!!

 

Comments

Add a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.



 Image

Sharon Geiger

Quality Control Specialist

Sharon Geiger, Quality Control Specialist Sharon has 27 years banking experience, 21 of which have been involved in internal audit. She has extensive knowledge of all aspects of the banking industry, with a particular emphasis on regulatory compliance and identifying risks and controls. As QCR Specialist, she performs Quality Control Reviews to ensure all workpapers and reports are completed in compliance with the firm's standards.



Sharon's Posts Subscribe to RSS Feed



Regulation E and Business Account Errors
Controls over Employee and Officer T&E Expenses
Is Regulation CC Put on the Back Burner?
Keep an Eye On Your Chip!
Top Compliance Topics Discussed at the NJ Bankers Compliance University
Some tips and tricks for dealing with Regulatory Examinations
Updated Regulation E Booklet from the OCC!
Is Flood Disaster Still on the Heat Map?
Have You Implemented Your Plan yet?
FDIC Consumer Newsletter
More Flood Insurance Changes...
Same Sex Married Couples - Ensuring Equal Treatment – Announcement from Consumer Financial Protection Bureau
Truth in Lending (Regulation Z) Annual Threshold Adjustments (CARD ACT, HOEPA and ATR/QM)
ABA Survey on Impact of Dodd Frank Compliance
ABA Mortgage Origination Deskbook
Who handles Your Dormant Accounts?
How do you charge Early Withdrawal Fees on Time Deposits?
Do you still offer NOW Accounts?
Policy Changes Required – Do you Wait until Annual Approval?
ACAMS to provide Free Webinar
ACBB Changes its Name
Who Do You Give Cash to?
ABA Briefing to Help Banks Address Cyber-security Threats
The OCC Issues Booklet: “A Common Sense Approach to Community Banking”
Safe Deposit Box Contents are not insured – But They COULD Be!
FDIC Can Review New Products
Let’s Talk About Overdrafts!
Regulation E and NACHA Rules: When you Want to Stop Payment on a Recurring Debit
CFPB Stands Up Against Poor Debt Collection Practices
Don’t Forget the Small Stuff
Double Endorsed Checks: What is the Risk?
Social Media – Will the Regulators Do Spot Checks?
Solutions to Reducing Dormant Accounts at Your Institution
Regulation E Foreign Remittance Rules
Expiration of Unlimited Deposit Insurance for NIBTAs
Regulation O – 5 Easy ways to avoid violations