Slashdot Mirror


Credit Card Chips Have Failed to Halt Fraud (So Far) (fortune.com)

An anonymous reader quotes Fortune: New chip-enabled credit cards, which were rolled out to U.S. consumers starting in 2015, were supposed to put an end to rampant credit card fraud. So much for that. A new report from the research firm Gemini Advisory has found that, of more than 60 million cases of credit card theft in the last 12 months, a whopping 93% of the stolen cards had the new chip technology...

In theory, EMV should reduce fraud because every card transaction requires an encrypted connection between the chip card and the merchant's point-of-sale terminal... But while the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems, according to a Gemini Advisory executive who spoke with Fortune... The upshot is that criminals have been able to insert themselves into the transaction data stream, either by hacking into merchant networks or installing skimmer devices in order to capture card information... The report concludes by noting that big merchants have begun to tighten up their implementation of the EMV system, which will make them less of a target. Instead, criminals are likely to begin focusing on smaller businesses.

The report estimates that in just the last twelve months, 41.6 million records have been stolen from chip-enabled cards.

3 of 229 comments

  1. Re: Of course by Anonymous Coward · Score: 5, Informative

    The US opted for chip+signature, rather than chip+PIN like the rest of the world. Since no one ever checks signatures properly, stolen cards can easily be used for fraud in the US, without needing to shoulder surf for a PIN first.

  2. Re: Still no use for PIN by Solandri · Score: 4, Informative

    It's because the credit card companies don't want to pay for fraud. Right now they've gamed it so merchants pay for credit card fraud (merchant loses the merchandise, and the payment gets reversed). Chip + PIN basically makes it impossible for the merchant to be at fault in case of fraud, meaning either the cardholder or credit card company has to pay for fraud. So they gimped the chip in the U.S. by making it chip + sign, meaning it's still the merchant's responsibility to check the signature with the one on the card. And if they forget (or in the case of online orders, can't) and it turns out to be a fraudulent charge, the merchant has to pay for it.

    (And if you're one of those people who've been duped into thinking the high interest rates pay for fraud, no they don't. They pay for cardholders who are delinquent on payments.)

  3. Re: Few things by Harlequin80 · Score: 4, Informative

    Only a decade?

    The UK had chip and PIN in 2006 when I lived there. Not sure when they rolled it out.

    And in 2014 Australia stopped accepting signatures at all.

    Now though I'm pretty much 100% contactless and done mainly via my phone.