What happened after the US moved to chip-embedded payment cards?

Enlarge / Woman paying with card reader. (credit: Getty Images)

The US began its transition to chip-based credit cards in earnest in October 2015, after high-profile credit card hacks in the previous years at Target, Home Depot, Michaels, and other big-box retailers. Today, although only 59 percent of US storefronts have terminals that accept chip cards, fraud has dropped 70 percent from September 2015 to December 2017 for those retailers that have completed the chip upgrade, according to Visa.

There are a few ways to interpret those numbers. First, it seems like two years has resulted in staggeringly little progress in encouraging storefronts to shift from magnetic stripe to chip-embedded cards, given that in early 2016, 37 percent of US storefronts were able to process chip cards.

On the other hand, fraud dropping 70 percent for retailers who install chip cards seems great. Chip-embedded cards aren’t un-hackable, but they do make it harder to use stolen credit card numbers en masse as we saw in the Target’s 2013 breach. Chip cards also can’t prevent against Card-Not-Present (or CNP) fraud, which takes place when card information is stolen online, by mail, or over the phone. If retailers upgrade to terminals that accept chip-embedded cards but leave their online marketplaces insecure, they can still leave customers open to fraud and leave themselves open to processing fraudulent payments.