Future Tense

Why You Still Can’t Use a Chip Card Everywhere

The transition was supposed to make financial transactions more secure. But the rollout is a little bumpy.

A computer chip is seen on newly issued debit/credit card in this photo illustration taken in Encinitas, California September 28, 2015.
A computer chip is seen on newly issued debit/credit card in this photo illustration from September 2015.

Mike Blake/Reuters

In the last year or so, most of your credit, debit, and ATM cards have probably been replaced with chip cards. But maybe some still haven’t been switched, and maybe you still swipe your cards at a lot of stores instead of using the chips. So are we even really doing this or what? It’s a very fair question.

Vendors were encouraged to begin accepting chip transactions (aka “chip and dip”) by Oct. 1, 2015, a transition date chosen by the payment network industry. As of that date, merchants became responsible for fraudulent charges made at their establishments if they didn’t have a working chip reader. At the same time, financial institutions that don’t provide their customers with chip cards became liable for fraud. It’s an industry shift not motivated or enforced by the government, and the idea was to encourage everyone to transition quickly to the new, more secure chip technology.

Chip cards have long been in use in Europe, and elsewhere around the world, because they reduce fraud compared to magnetic strip cards. When chip technology proliferated during the 1990s, U.S. payment networks had better fraud protections than networks in other parts of the world, so there was less motivation to adopt chips. At the time, the U.S. was already doing real-time transactions in which a network verified on the spot that a card had the funds available to cover the cost of the purchase and hadn’t been reported lost or stolen. In Europe and elsewhere, many transactions were still being done offline: The merchant recorded the customer’s card information but didn’t actually process it until later or even the next day. This approach is much more vulnerable to fraud. Real-time transactions have become more common around the world, but with data breaches and credit card crime booming, the U.S. has been overdue to adopt chip technology.

Much of the transition to chip cards (also referred to as EMV cards, which stands for Europay, MasterCard, and Visa, the three companies who developed the technology standard) has been frustrating and confusing for consumers. For one thing, you still have to swipe your card at many vendors. Visa says that 1.2 million U.S. stores had enabled chip transactions as of May 31, a 467 percent increase over the same time last year. And since the transition kicked into high gear in October, Visa estimates that an average of 23,000 merchants bring chip terminals online every week. But the Washington Post reported in February that the total number of U.S. merchants is more like 8 million. Some market surveys have more optimistic conclusions about the rate of adoption, but all seem to place it below 40 percent. We’re not there yet.

Timing was part of what slowed things down. The October liability transition coincided with the start of the holiday shopping season, and pundits agree that retailers were wary of implementing a large systemic change during their busiest season. Additionally, some stores have purchased new payment terminals but still don’t accept chip transactions. You’ve probably encountered a cashier at least once who said, No, we don’t use chips yet, just swipe, when you tried to dip your card. It’s noticeable because hundreds of millions of cards have now been replaced, and the vast majority of consumers have chip cards in hand. But the EMV Migration Forum told Credit.com in March that U.S. stores have about 5 million chip-enabled terminals even though, as Visa and the Forum both point out, only a little more than 1 million have started actually accepting EMV transactions. This means you’re much more likely to encounter a terminal that looks like it can accept chip cards rather than one that actually can.

Flipping the switch so a store can accept EMV payments is actually a multistep process. First they have to buy the terminals, which run about $500 each. Then they have to install software so the chip transactions can interoperate with their current payment system. Finally, they need to be certified by the banks and card networks that they work with. (Meaning a store that doesn’t accept American Express doesn’t need to be certified by them.) And that last requirement has been creating a bottleneck. As J. Craig Shearman from the National Retail Federation told CNBC in April, “It’s time for the bank and the card industry to step up. … Some of [our members] have had to wait months to get anybody to certify their systems.” There seems to be some movement on this issue since companies like Visa, MasterCard, and American Express announced plans in June to spur EMV adoption and simplify the certification procedure for new chip readers.

Though the process is rocky, most stores will ultimately accept chip cards, especially large chains. Opting to be swipe-only isn’t illegal—it just places fraud liability on merchants—so small stores that don’t experience a lot of fraud may gamble and not upgrade their equipment and systems. Additionally, certain industries that have very low credit card fraud rates, like the dental industry, may be slow to transition.

A confusing aspect of this transition that the U.S. is using the chip and signature model instead of the chip and PIN approach used in Europe and most of the world. In most places, customers enter a PIN on a keypad after dipping their chip card, but in the U.S. customers are asked to sign after they dip their chip much like the old system with magnet strip credit cards. Since signatures are often more like incomprehensible squiggles, though, it seems logical that PINs would offer more security. But the banks and other credit institutions that supported chip and signature for the United States defend the decision and often say that adding a PIN number to every transaction would be burdensome for consumers.

Chip and PIN made offline transactions more secure by asking a customer to enter the same PIN that was encrypted and stored locally on the chip. But chip and signature advocates argue that this offline environment isn’t necessarily relevant to payment networks today and that the adaptive fraud detection software financial institutions use is increasingly robust. Many small chip transactions, usually under $25, don’t even require a signature anymore. Furthermore, some advocates point out that PINs mainly offer additional protection against the physical theft of a card, and though this type of crime is still an issue, it has been thoroughly eclipsed by online credit card fraud—where PINs don’t offer additional protection.

There are definitely skeptics, though. A group of small business owners told the House Small Business Committee in October that they would feel more comfortable with the security of a chip and PIN system than the chip and signature approach that has rolled out. And Mike Cook, a senior vice president and the assistant treasurer at Wal-Mart, told CNN Money in April 2015, “The fact that we didn’t go to PIN is such a joke.” Wal-Mart was one of the first U.S. vendors to accept chip transactions, but in May the company filed a suit against Visa, alleging that the payment network has forced the big-box giant to give customers the choice between using their debit PIN or just signing. Wal-Mart wants to be able to mandate that its customers use their PINs. These transactions are cheaper for Wal-Mart to process, but the company claims it’s a win-win for consumers because using a PIN is also more secure.

Richard Willis, a partner in the payments systems group at the corporate law firm Alston & Bird explained in an email, “No one is clamoring for a PIN, consumers certainly are not, so doing the bare minimum necessary—which for most is Chip and Signature—makes business sense. Seen this way, it’s a classic cost/benefit analysis … and no other non-market forces (e.g. consumer demand) are driving the broader move to PIN and its incremental benefits to security.”

The EMV technical standard allows card issuers to choose whether they want to use a chip-and-PIN or chip-and-signature approach, so financial institutions could decide that they want to offer PINs at any time; some already do. In April, Visa reported that counterfeit fraud had dropped 26 percent at vendors processing chip transactions during January, but surveys continue to show that the U.S. still has one of the worst rates of credit card fraud in the world overall. As Josephine Wolff argued in Slate last August, “new card technology may do more to shift how fraud happens and who has to pay for it than actually reduce it in the long term.”

So there’s a lot going on behind the scenes at credit card companies and retail stores alike. But you’re probably thinking about something else: Why the hell does it take so long to process a chip transaction?! Surveys show that customers are exasperated, and you may have noticed anecdotally that chip transactions take longer, require more standing around, and are susceptible to problems if you take your card out of a reader too soon. But the industry says you’re wrong. “Consumers may think that it feels a little bit longer because the card is in the terminal the whole time instead of just swiping it and sticking it right back in your wallet,” said Stephanie Ericksen, Visa’s vice president of risk products. “But the actual transaction itself is taking the same amount of time. It’s just that you’re watching your card be there while the information is going out and coming back.”

Visa, American Express, and other major card issuers have slowly acknowledged that EMV transactions were irritating consumers and have started rolling out a software solution called Quick Chip. The new system eliminates some things, like prompts for customers to confirm transaction amounts, and also allows customers to take their cards out of terminals while their transactions are still processing. Faster transactions will probably make everyone happier, but an evaluation by CardFellow notes that QuickChip does make some security trade-offs to speed processing time.

The transition to chip credit cards hasn’t been easy, partly because it is a private-sector standards decision rather than one by the government. In terms of day-to-day life with EMV cards, though, things should get easier and less confusing for customers over the months and certainly years. If only the whole process had been as easy (and tasty) as chip and dip sounds.

This article is part of Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, follow us on Twitter and sign up for our weekly newsletter.