Are Credit Card Chips Safe?

Credit card chips have made in-person transactions safer, but there are still some things you should know to prevent yourself from becoming a victim.

Over the past few years, chip-based credit cards have become almost universally issued in the U.S., so if you’re reading this and have a credit or debit card, there’s a good chance that it has a chip in it.

Technically, these credit cards with chips are known as EMV cards. This originally stood for “Europay, Mastercard, and Visa,” which were the companies that developed the standard for the technology.

In a nutshell, EMV chips have a small microprocessor that generates a one-time code for every transaction. In other words, instead of a magnetic stripe encoded with your credit card number, expiration date, and other personal information, an EMV card never sends the same information twice. The idea is that if a hacker obtains payment information from an EMV card, it will be information that was unique to a past transaction, and therefore would be of no use for future theft.

Is your credit card chip safe?

The short answer is yes, but only when it comes to one specific category of credit card theft. Evidence has shown a significant decline in credit card fraud in countries where EMV card technology has been implemented on a wide scale.

Having said that, the reality is a bit more complex. While EMV chips have cut down on overall credit card fraud, that doesn’t mean they’re 100% effective. With that in mind, here’s a rundown of the major benefit of chip credit cards, as well as some of the shortcomings of the technology.

Your card is more difficult to replicate

One common form of credit card theft throughout the past couple decades involves a thief essentially cloning your credit card. They obtain your credit card number and other information through a data breach, via a skimming device, or through some other means, and encode the information on the magnetic stripe of another card. They could then use the cloned card to pay for purchases, which would then be billed to your account.

I vividly remember an incident in 2012 where I was a victim of this. I was at an airport hotel in Miami, Florida getting ready to embark on a cruise with my wife when I got a call from my bank. They were attempting to verify if I had spent $300 at a dollar store in Kentucky that evening. I have never even been to Kentucky. Someone had made a clone of my card, and the source was eventually traced to a skimmer at a particular gas station.

Now, it’s not impossible to obtain your personal information from an EMV credit card, but it’s much more difficult. In a data breach, for example, credit card information obtained from EMV cards would be of no use to a criminal. Cloning an EMV credit card would require extremely sophisticated methods and expensive equipment and is generally impractical to do. Meanwhile, a card skimmer can be made with basic materials and at a bare minimum of expense.

In short, using an EMV chip credit card to pay for a purchase dramatically reduces the probability that your credit card will be cloned. However, there are still plenty of opportunities for thieves to commit credit card fraud against you, so here’s a look at some of the things you should still be on the lookout for.

There are some places you still have to swipe or insert your card in a vulnerable way

The vast majority of merchants in the U.S. actually use the EMV chips in your cards when processing transactions. However there are still a few cases where you may need to swipe your card. When I use my debit card to pay for my kids’ daycare, for example, the payment terminal is a card swiper. Even if a merchant is equipped to use EMV chips, the readers can break from time to time.

In addition, it’s still important to be aware that certain places are still vulnerable to skimmers, even if your EMV chip is used. This is quite common where you see payment terminals that aren’t closely watched -- think gas pumps or outdoor ATMs. In these locations, the card-skimming business is still alive and well.

Scanning devices can still steal your credit card data

It’s also important to realize that thieves can steal your credit card’s data even if your card doesn’t leave your pocket if your credit cards are RFID (contactless-payment) enabled. There are devices that allow thieves to steal your credit card information through the air, even if your credit card is in your wallet. Some thieves can even do this with their smartphones, not requiring a specialized device.

Having a chip does nothing to prevent your physical card from being stolen

Don’t forget that the fact that there is a chip in your credit card doesn’t prevent a thief from stealing your card and using it to make purchases. EMV transactions don’t require a PIN, so if a criminal gets their hands on your card, they could make purchases with your card by simply inserting your chip and signing your name.

Don’t forget about online shopping

While incidents of card cloning are definitely on the decline, many thieves have shifted their focus to “card not present” transactions -- such as online shopping. If a thief has obtained your credit card number, expiration date, and the secret code printed on the card, EMV technology does nothing to prevent them from using it online.

Another online-shopping security risk occurs when you decide to shop online while on a public Wi-Fi network. Information you send over public networks can be visible to other people, including payment information if you make a purchase.

How to make sure you’re as safe as possible

The point is that just because your credit cards now have chips in them, you aren’t automatically protected from all types of credit card fraud. It’s still important to take steps to keep your information safe. To name just a few:

• Check your bank and credit card statements and websites often to make sure that you recognize all of the transactions. If you see any transactions you didn’t authorize, call your financial institution immediately.
• Utilize mobile payment technologies when possible. You can add your credit cards to your phone, so you won’t even have to carry a physical credit card. This is the best way to protect your information when shopping at a brick-and-mortar merchant.
• If you have RFID credit cards, consider a wallet or insert designed to prevent hackers from stealing your information remotely. SignalVault is a reputable brand that produces RFID-blocking products.
• Avoid making purchases while on public Wi-Fi networks. If you must use credit cards online when in public settings, it’s a good idea to set up a virtual private network, or VPN.
• Use virtual credit card numbers when shopping online, if you can.

The bottom line

How safe are credit card chips? They are certainly safer than magnetic stripe technology, but there are still several ways thieves could potentially commit credit card fraud. The point is that just because you have a wallet full of chip-based credit cards doesn’t mean you shouldn’t take additional steps to protect yourself. True data security means being proactive about keeping your information safe and detecting when your credit card data may have been compromised.