Discover Introduces 'Smart' Credit Cards With EMV Chip Technology. Are We There Yet?
Monday, July 13, 2015
This month, Discover Bank began to ship upgraded credit cards for its cardholders. The new "smart" credit card includes an embedded EMV chip that offers far more security. The chip stores and transmits encrypted data with a unique identifier for each transaction. The EMV chip technology was developed jointly by Europay, MasterCard, and Visa.
In the United States, cardholders will use the new cards the same way they used the old cards with the obsolete magnetic strip technology. At retail stores with older terminals, cardholders will continue to swipe their cards to make purchases. At retail stores with the chip-enabled terminals, cardholders will instead insert their card into the new terminals. To withdraw cash at bank ATM machines, a PIN number is required.
Like other new credit cards in the United States, the new Discover credit cards use "chip and signature" technology. I asked a Discover customer service if their new credit cards could be used in Europe, where cards use the "chip and PIN" technology. (When the United Kingdom switched to EMV chip cards years ago, fraud in stores there decreased 70 percent.) The customer service rep stated that the new cards could be used in Europe, provided the cardholder sets up a PIN number before their trip.
Wise readers note the limitations. The new chip cards won't stop hacks and data breaches at companies, employers, and banks that archive consumers' payment information. The new chip cards won't offer any more security or payment protections until retail stores upgrade their terminals. Credit Card Forum described the method being used to encourage retailers to upgrade by October 2015:
"... the card networks (Visa, MasterCard, AmEx and Discover) are giving both [retail merchants] and card-issuing banks an incentive (both a carrot and a stick) to upgrade by October 2015. At that point, the networks will institute a “fraud liability shift.” That’s a fancy way of saying “adapt or pay.” If a consumer’s card is involved in fraud, whichever party involved in the transaction (the bank that issued the card or the merchant that accepted it) that didn’t upgrade to EMV will be held accountable."
Retailers see the situation differently. CNBC published a retail spokesperson's commentary about the new "chip and signature" credit cards:
"Retailers are also asking card issuers to take more than a half step, and issue "chip and PIN" cards to American consumers. As it currently stands, banks are only issuing "chip and signature" cards in the United States, a less secure standard as signatures can easily be forged. It has been reported by the Federal Reserve that including a PIN makes a transaction up to 700 percent more secure, yet to date, banks are not issuing these cards to American customers... The fastest, easiest and smartest thing we can do to make transactions more secure in the near term is to upgrade credit cards with Chip and PIN technology. Retailers are making the investments needed to accept them, but we need the financial industry to make the same commitment."
Several banks and card issuers in the United States offer EMV-chip credit cards:
- American Express Premier Rewards Gold
- Bank of America Travel Rewards
- Capital One VentureOne Rewards
- Chase Freedom
- Chase Sapphire Preferred
- Citi Diamond Preferred
- Marriott Rewards Premier
- Plenti Credit Card from Amex
- USAA Preferred Cash Rewards World MasterCard
Browse a longer list of EMV-chip cards available in the United States. Both cardholders and non-cardholders can learn more about the new chip credit cards at the Discover site.
Why go part of the way and introduce EMV chips with signature instead of with PIN numbers? Seems to me, the banks seem mare more interested in shifting the liability of data breaches from them to retailers, rather than provide cardholders with state-of-the-art EMV security that's already available in most other parts of the world.
What are your opinions of the new "chip and signature" credit cards in the United States?
Comments
You can follow this conversation by subscribing to the comment feed for this post.