I really wish the rest of the world couldn't see all the hand-wringing over the introduction of chip-enabled credit cards in the U.S. Most of the dire warnings about the problems they'll cause are overblown, and some are downright silly.
I used two chip-and-PIN cards last year during our family's nine-week sabbatical in Europe. I learned how to use the new (to me) terminals in one short transaction without too much fumbling or holding up a long line of impatient Parisians. I never left a card behind in a machine -- that's somewhat hard to do, even when you're forgetful like I am. And I experienced no other problems.
By contrast, a few hundred dollars' worth of bogus transactions showed up on one of our un-chipped credit cards after our trip. Like most plastic issued in the U.S. before this year, the compromised card had only the old-school magnetic stripe technology that's so vulnerable to fraud and that most of the rest of the world abandoned long ago.
Months after we returned, a criminal in Europe also drained my daughter's prepaid card, which wasn't chip-enabled either.
We weren't safe after we got home. Three other cards had to be shut down and replaced this year because of fraudulent activity. My husband and I have both had cards frozen, mid-transaction, because the issuers thought they spotted suspicious activity. (In both cases, we were using the cards at local retailers we'd used in the past.)
All our cards have zero liability, which means the only cost to us was the not-inconsiderable hassle of dealing with various issuer fraud departments. But who ends up paying for fraud is a big deal in the credit card industry, and it's the impetus for the long-delayed change to chip-enabled cards. Starting yesterday, bankcard issuers are shifting liability for fraud to merchants if they haven't updated their terminals to accept the new cards.
Chip-enabled cards generate a one-time code for each transaction rather than transmitting data that criminals can easily hack and reuse. In the new terminals, you insert your card into the bottom of the device rather than swiping it down the side. You leave the card in the machine until you're prompted to either enter a PIN (which is what you do in Europe or Asia) or a signature (which is what you'll most often do in the U.S., at least for awhile). The machine tells you once the transaction is complete. If you don't remove your card, the machine beeps to alert you.
The transition to the new technology won't be seamless or quick. Many retailers don't have the new terminals. Some issuers haven't sent the new chip cards to all their customers, and many aren't sending PINs yet -- and they may not for awhile.
"I think they'll stay in this intermediate stage for awhile to see if the cyber-criminals can figure out how to hack this higher level of security," said card expert Ben Woolsey, president and general manager of CreditCardForum.com. "If that does happen, they won't have a choice but to move to PINs."
When issuers do start issuing PINs on a wide scale, those of us who are recall-challenged or who simply have the average of five or so cards will have a whole lot of numbers to memorize. But Woolsey said issuers should allow us to reset our PINs to something we can remember.
And I will happily accept that small amount of hassle in exchange for cards that I can actually use -- and that the bad guys can't.