Retailers Aren't Doing a Good Job of Avoiding Identity Theft -- And Consumers Are Oblivious

Photo source: Pixabay

According to a recent survey by CardHub, the majority of retailers in the U.S. are still unable to accept chip-based credit cards, despite the October 1, 2015 deadline to upgrade their systems. Surprisingly, this includes more than half of retailers who have been victims of data breaches in the past. Even worse, most consumers don't know the reasons for using chip technology or don't care.

Retailers are slow to upgrade
According to CardHub, just 33% of retailers have upgraded at least 90% of their payment terminals. And, 42% haven't upgraded any at all.

Source: CardHub

Even worse, 43% of retailers who have been victims of data breaches during the last five years haven't even upgraded their terminals.

... And, consumers are oblivious
While this data is alarming, it's easy to see why merchants aren't in too big of a rush -- many consumers don't know or care about chip technology. 62% of the people surveyed don't understand the difference between the two forms of card technology, and 56% say they don't care if a retailer is chip-enabled.

Perhaps the most telling statistic in the study was that just 7% of consumers wouldn't shop at a store than didn't have chip-enabled terminals. Now, I'm not calling for a boycott of non-chip enabled retailers or anything like that -- I'm simply saying that retailers aren't losing much business by not upgrading, so it's no wonder there's no real rush.

But wait -- What about that October 2015 deadline?
First of all, despite what many U.S. consumers believe, chip-based credit card technology is not a new thing. The current standard, EMV (stands for Europay, MasterCard, and Visa) was developed in the 1980s and has been in use in Europe for decades.

Second, this "deadline" wasn't really a deadline at all -- merely a shift in liability. Before October 2015, a thief could make a purchase and the credit card's issuing bank would assume the liability for the fraudulent charges.

Now, if a fraudulent purchase is made with a chip card and the merchant isn't set up to accept chip cards, the merchant can be on the hook for the charges. So, retailers technically don't face a penalty or anything like that for non-compliance. Rather, the retailers who are not yet set up for chip cards are just exposing themselves to a lot of (unnecessary) risk, since most banks have kept up their end of the deal by replacing cards with chip-enabled versions. Even so, upgrading payment terminals costs money, so it seems to be a risk that many retailers are willing to take, for the time being.

Why consumers should care
Simply put, the chances of your credit card information being stolen as a result of a chip-based transaction are slim to none. A card's magnetic strip contains valuable information about your credit card account, while a chip generates a unique transaction code each time. In other words, a data breach can still happen, but a thief is unlikely to be able to use the information obtained on your card.

To be fair, chip cards only prevent a single type of theft called "cloning," which involves thieves copying your credit card's information onto another card, which can then be used to make purchases. If the chip card itself is stolen, thieves will still be able to use it at points-of-sale or to buy things online until it's reported to the issuing bank.

Even though it doesn't prevent all theft, considering the high-profile data breaches of recent years, theft of credit card information is a real problem that should be taken seriously.

Don't stop shopping, but be aware
Now, I'm not saying that you should stop shopping at retailers who can't accept cards through chip readers.Actually, I frequently shop at Staples and Publix, both of which are on CardHub's list of companies who still haven't fully upgraded.

However, if and when you do use your credit card the old-fashioned way (by swiping it), you need to be extra cautious to monitor the account for suspicious transactions. As I mentioned earlier, it's relatively easy for a thief to steal the information from your card's magnetic stripe, so be on the lookout and alert your card issuer immediately if you notice any transactions that weren't yours.