If you’ve received a new credit card in the past year or so, you’re probably still adjusting to life with a chip card (sometimes known as a smart card). I was recently purchasing dog food and the clerk had to remind me to take my card back out of the reader before leaving.
“We’ve already had three people forget their credit cards since we put the new machine in,” he told me.
That’s not so good, but chip cards, we’re told, are here to make our transactions safer. So how does that work exactly?
The old system
To understand why the new chip cards are more secure, we should first look back at the old design.
The black strip on the back of your credit card is magnetic. It contains coded information related to your account. When you swipe the card, the reader connects the coded information on your card with your account and the transaction is processed (or not, as it may be).
The information in that magnetic strip doesn’t change. It’s essentially a coded book. So when the card is read, all of your account information is made available. This is a problem in a couple of major ways.
First, if someone makes a copy of your card using a skimmer, they’ll have everything they need to access your account and potentially steal your identity.
Second, because stores access your full account information when processing a transaction, if there’s a data breach, those thieves will also be able to get into your account.
The new system
The reason these new cards are called chip cards is because the centerpiece is a computer chip. This computer chip represents a massive change in the way data is shared through the card.
Rather than sending all of your account information, the chip creates a unique, one-time transaction code. That code is specific to just that one purchase. So if there were a data breach at a store where you've shopped, rather than stealing all of your account information, the thieves would only be able to steal the unique transaction codes related to specific purchases. And because those codes can only be used once, the stolen data would essentially be worthless.
This also explains why the new process is a little bit longer than the old one. When you “dip” your chip card it begins a conversation of sorts with the issuer, verifying that the funds are available and creating the unique transaction code to complete the process.
Why is this happening?
Credit card fraud is massively expensive. Historically, those costs have fallen back on the card issuer, but that’s no longer the case. Beginning in October 2015, liability is now directed towards whichever party is the least compliant with these new fraud protection measures.
In other words, if I have a chip card, but the store I’m shopping in isn’t equipped to process chip cards, the store would be liable if my data is breached as a result. Similarly, if a store has chip readers, but the issuer hasn’t provided consumers with chip cards, then any resulting losses would fall to the issuer.
In this way all parties are motivated to integrate this new technology and keep our data safe. It may take a little getting used to, but chip cards – and the added fraud protection they bring – are here to stay.