The shiny chip on your new credit card has definitely made it safer. But that doesn’t mean you can let your guard down.
The FBI issued a warning Thursday that new chip-enabled cards are still vulnerable to fraud and that consumers need to be diligent when using their plastic.
“While [the new] cards offer enhanced security, the FBI is warning law enforcement, merchants, and the general public that these cards can still be targeted by fraudsters,” the agency said in the release.
The microchip in the new cards issues a unique code for each swipe that helps authenticate a transaction. Old cards hold the payment data on the magnetic stripe on the back of cards, which is easy for fraudsters to steal and put on fake cards.
An October 1 deadline that shifted the responsibility of fraudulent charges between retailers and banks prompted the rollout of the upgraded cards.
While the new cards are safer, they didn’t solve all theft exposures. The upgrade doesn’t require a PIN to be entered at the point of sale, a process that is standard in many places in Europe and offers more security.
In its release, the FBI suggested using a PIN to verify transactions, but that’s generally only possible when using a debit card. Plus, many debit card users haven’t received a new card yet, because banks have tended to prioritize issuing upgraded credit cards over debit.
While some U.S. banks do require a PIN to be entered when using an upgraded credit card, most just require a signature, explained Philip Andreae, a vice president at digital security company Oberthur Technologies.
So if a card is physically stolen, that chip isn’t going to detect unlawful use. Signature-only chip cards also don’t protect against fraudulent online, phone or mail purchases.
Many experts expect a surge in fraud in transactions when the card is not present.
“Cyber criminals understand now that stealing from chip and PIN is harder,” said Brian Dodge, a spokesperson with the Retail Industry Leaders Association. “The U.S. is still less secure than the rest of the world. They are going to focus on the country that has the weakest technology.”
Andreae said consumers can call their bank and ask for an upgraded card that requires a PIN, but they don’t have to oblige.
Fraudulent attempts to open new credit cards surged in the months leading up to the upgrade, according to Steve Williams, vice president at Verint Systems, a security analytics company.
“Fraudsters read the news like we do, they know what they have to do to protect their revenue streams …they are trying to get the brand new chip cards sent to them to use them.”
Brooks added that upgraded in-store credit card readers can still fall prone to hacking “We have seen cases of terminal tampering in the U.S., a cases in Europe with card cloning. You can buy a smart card online for $40 put malware on it and swipe it and then infect the terminal.”