You may still need to swipe your card this season
Despite chip cards transition into use in the United States, many will still have to swipe their cards this holiday season. Here's why.
You’ve got your new EMV-chipped credit card, part of the industry’s effort to reduce credit card fraud.
You’re ready to dip it into the card readerat a retailer, but the cashier asks you to swipe as usual because the terminal isn’t ready for your new plastic.
Not all businesses met the credit card industry’s deadline for accepting EMV cards, and with business owners turning their attention to holiday sales, that’s unlikely to change anytime soon, an expert says.
Here’s a rundown of what’s happening at the checkout and why.
I’m still swiping my card. What gives?
The deadline for businesses to update their equipment to accept the anti-fraud EMV technology was Oct. 1, but many have not made the upgrade. As a result, those businesses would be liable if credit card fraud were committed at their points of sale with a chipped card. Craig Shearman, spokesman for the National Retail Federation, says there are three main reasons why retailers and others haven’t changed their devices.
The risk of fraud isn’t equal for all retailers
“The level of risk of not converting to EMV depends largely on the size of your business and the size of your transactions,” he tells NerdWallet. “Hackers looking to commit credit card fraud largely go after big businesses, not mom-and-pop shops.”
Small businesses with small transactions, such as a corner deli, don’t have too much to worry about, he adds. “Thieves likely aren’t going to waste a counterfeit card on a cup of coffee or a sandwich,” Shearman says.
The National Retail Federation estimates that “each chip card terminal [costs] as much as $2,000 when installation, software and other expenses are included.” With many small-business owners making small profits off their merchandise, they can’t afford to make the switch until they’re forced to when their current card readers no longer work. Even for large retailers, those costs add up.
Also, if a business hasn’t experienced much fraud, it has little incentive to take on the expense of updating its equipment.
New equipment needs approval
Before a retailer can start using EMV-chip readers, the devices must be certified by EMVCo, the organization that manages the EMV process, and by the payment networks the retailer plans to accept. Because larger retailers process more transactions and generate more revenue for the payment networks, they generally get first claim to certifiers until the process is complete.
Some large retailers still ask you to swipe because they’re struggling to make it through the certification process, Shearman says. And “even if small retailers make the move, they’re far down on the list of getting certified,” he notes.
Stores still taking safety measures
If you’re still swiping your card at some stores, your information is likely just as safe as it was before the EMV deadline. If you’re shopping at a business that doesn’t sell big-ticket items, it likely isn’t a major target for fraud, so your risk is lower.
If you’re hoping your favorite retailer will make the upgrade before Black Friday, you may be disappointed.
“For the most part, particularly for small businesses, what they have now is what they’ll have for the holiday season,” Shearman says. “They’re busy concentrating on their holiday sales and moving as much merchandise as they can.”
He adds that you may see retailers compensate by increasing their security in other ways, including asking you for a picture ID, checking the signature on the back of your card and checking the card itself to detect a counterfeit.
If you’re still unsure, take your card security into your own hands by checking the card reader to make sure someone hasn’t tampered with it. As you use your card during the holiday season, check your account statements often for unauthorized charges. If that still doesn’t assuage your concern, you can avoid the risk entirely by using cash instead.
This article first appeared at NerdWallet.