There's a chicken-and-egg problem with the Thursday deadline for consumers and retailers to switch to new chip-enabled credit cards.
Because a majority of consumers still haven't received their new upgraded cards, many retailers aren't upgrading their credit-card terminals to accept the new cards. The end result? Much of America is going to blow the Oct. 1 deadline for upgrading to the new cards.
The new chip-enabled cards, which are also called EMV cards (short for Europay, MasterCard and Visa), are being phased in because they're more secure than the old-style magnetic-strip cards because retailers and card processors don't store the card data in their systems. It's a system that has proved to be effective: Europe marked a sharp decline in credit card fraud after the chip-enabled cards were introduced.
Given the incentive for retailers, card issuers and consumers to switch, why is America lagging in rolling out the new technology? And what do consumers need to know if they're not prepared on Oct. 1?
Why haven't I received a new card yet?
By some accounts, 54 percent of consumers haven't yet received replacement cards embedded with a chip.
The delay is due to the sheer logistical problem of replacing Americans' 1.2 billion credit and debit cards, said Carolyn Balfany, senior vice president of product delivery for MasterCard (MA). She said it's estimated that about two-thirds of cards will be replaced by year-end.
"Banks are working to replace them," she said. "In the beginning, they were working on international travelers because those were the consumers who were challenged because they were traveling overseas" where EMV cards are already commonplace.
Banks are handling the replacement cards in several ways, ranging from a mass reissuance to replacing them as they expire, she added. Consumers anxious to receive a new card should call their bank to request a replacement. Chances are the bank will send a new EMV card fairly quickly.
Is there a fine for missing the deadline?
Consumers won't face a fine if they don't have a new card by Thursday.
For that matter, neither will retailers for failing to upgrade their systems to accept the new cards, although they're on the hook in another way.
The deadline is what the credit card industry calls a "liability shift," which means on Oct. 1 how liability falls between credit-card issuers and retailers will shift. After Thursday, the liability for fraud will be placed on the party that hasn't upgraded its systems.
Since fewer than one-third of business owners in July said they'd be ready with new checkout terminals by Oct. 1 in a Wells Fargo/Gallup poll, chances are that thousands of retailers may be facing fraud liability starting on Thursday. The top reason for skipping the upgrade? Retailers don't think it will affect their business, a fair assumption given that so many Americans don't even have the new cards.
How do I use the new card?
Insert the end of the card with the chip into the bottom slot of the new point-of-sale terminals, and leave it there for a few seconds to allow the machine to read the card, said Paige Hanson, senior manager of education programs at LifeLock, a provider of identity-theft protection services.
After Oct. 1, "If you have an EMV card and try to swipe it, there is a notification that will populate on the cashier's screen that says you have a chip-enabled card," she said. The machine will prompt you to retry the purchase by using the EMV-card reader.
What do I do if there's a fraudulent charge on my card?
Consumers will still handle fraudulent credit-card charges they way they always have, Mastercard's Balfany said.
"You'll still report it, just like you do today, by letting your bank know and they'll resolve it," Balfany said. "The liability between the bank and the merchant might be different. The one that has not upgraded is going to be responsible, but that's invisible for the consumer."
Should I avoid retailers that haven't upgraded their terminals?
Not necessarily, although Balfany said consumers may feel better about using their cards at stores that have installed the new systems.
"You know that they care about the security of your data," she added. That being said, "The consumer is not responsible for fraud. It will take some time for terminals to be rolled out across the U.S., and we have always known that not all of them would be enabled right away."
Still, bad guys may target stores that haven't upgraded, according to Tom Donlea, director of e-commerce practice at Whitepages. "Criminals will know which stores have either not yet implemented the EMV terminals or they will learn how to damage the chip in the EMV cards they have spoofed so that it forces the retailer to perform the traditional swipe if they want to make the sale," he wrote in an email.
"Merchants expect fraud attacks to start increasing this fall," wrote Donlea. "It won't be a tsunami, but rather a slow but steady increase in online fraud attacks."
With the new cards likely to foil credit card fraudsters more often, consumers should be alert for other types of scams, said LifeLock's Hanson.
"It could push criminals to explore more serious lines of theft, such as stealing your identity," she noted. To that end, consumers should continue to monitor their credit card statements (or start checking them, if they aren't already). You should also take advantage of text-based alerts about account balances and big charges, Hanson added, because that can help catch fraud right away.