‘Smart’ credit cards finally arriving in U.S.

Embedded chips expected to slow fraud, counterfeiting.

What’s happening to credit and debit cards:

— To thwart card counterfeiters, banks are rolling out smart cards — already in 80 countries — that use embedded computer chips to encrypt customers’ account data.

— The new system requires merchants and payment processors to adopt new terminals and software.

— After Oct. 1, whoever has the weakest link in the system — banks or merchants — bears the cost of transactions on counterfeit cards.

— Rather than swiping the card through a reader, customers insert the new cards’ chip end into a reader, where it stays until the transaction is complete.

— About half of the 1.2 billion cards and 8 million merchants are expected to be convert by year-end. Service stations aren’t set to make the switch until late 2017.

Michael Tyson is sweating it a bit these days.

The Avondale Estates record seller is one of millions of U.S. retailers — ranging from small shops to giant operations like Atlanta-based Home Depot — who are scrambling to install new, upgraded credit card terminals before Oct. 1.

About four years ago, Visa and MasterCard set the looming target date for banks, merchants and other players in the electronic payments world to switch to more advanced “smart” or “chip” cards and card readers. The cards are supposed to help slow the wave of credit card info-hacking and fraud that has swept the country.

Pushed by Mastercard and Visa as a global standard, they have long been used in Europe. Embedded in each card is a small computer chip that encrypts account information with a new code for each transaction. That makes it much harder for hackers to copy the information onto counterfeit cards.

The chip cards require a new type of terminal that interacts with the card’s computer chip rather than with the familiar, and more vulnerable, magnetic strip on conventional cards.

Industry officials say the Oct.1 date isn’t a deadline and the switch-over isn’t required, exactly. But after this month, merchants and credit card issuers who haven’t upgraded will be responsible for covering the cost of any fraud that occurs.

Card holders aren’t affected by the so-called “liability shift.” But they will have to learn how to use the new cards and terminals, which differ slightly from the current system, as they are put into service.

People who like to shop online also may need to beware, experts warn. As transactions in brick-and-mortar stores become more secure, fraudsters may focus more efforts online, where the smart cards offer no more protection than conventional cards.

Customers need to monitor their accounts carefully, said Shannon Johnson, senior vice president at SunTrust Banks in Atlanta. “There are still other ways to perpetrate fraud,” she said.

Meanwhile, Tyson said he’s trying to get ready to dodge the “liability shift.”

“I’ve got a chip reader ordered,” said Tyson, whose Sunbrimmer Records sells new and used vinyl records and turntables. He said the supplier of his current credit card reader, San Francisco-based Square, promised to ship new terminals as soon as they’re available.

“I feel as though Square is on top of it and will get me the proper equipment on time,” he said.

Slow launch

But so far, it looks like many credit card issuers and merchants still have a lot of ground to cover in adopting more secure credit and debit cards.

Only about one in six of the 1.2 billion credit and debit cards issued by banks and other lenders in the U.S. has been replaced by the advanced cards, according to the Electronic Transactions Association. The Washington, D.C., trade group expects about half to be replaced by year-end. Initially, U.S. chip cards will also include a magnetic strip that can be read by older card terminals.

“This is really going to be a two-year process” for most banks to switch customers over to the new cards, said Johnson, at SunTrust. She said SunTrust has been issuing credit cards with the computer chips “for a few months now,” and will begin issuing updated debit cards soon.

Johnson said the bank is using a combination of methods to decide who gets updated cards first. They include those with expiring cards, new accounts, and accounts that have been compromised by fraud. She declined to say what portion have been replaced so far, or what SunTrust’s cost is expected to be.

“It is a significant investment for us,” she said.

Merchants face significant costs as well. Jason Oxman, chief executive of the Electronic Transactions Association, said mom-and pop shops will typically spend $50-$200 for an upgraded terminal, while larger retailers are spending millions of dollars. Estimates for the overall cost of the switch range from $10 billion to $20 billion.

Oxman predicted that about 45 percent of the 8 million U.S. businesses that accept electronic payments will convert to the new system by year-end.

While most large retailers have converted, he said, “for some of the smaller businesses, it could take a while.”

Home Depot, one of the nation’s largest retailers, is busy upgrading its U.S. stores’ card terminals and software. The Atlanta retailer expects to have its 60-plus metro Atlanta stores ready today, and its nearly 2,000 U.S. stores switched over by Oct. 1.

“We’re in great shape. We’ll be ready,” said spokesman Stephen Holmes.

Costly fraud

The United States is the last major market to adopt the cards with the little computer chips, which have been around since the 1980s. They were first used in France, and are credited with dramatically reducing credit card fraud in Europe.

Indeed, experts say hackers and card counterfeiters fled Europe for easier pickings in the U.S. The resulting surge in fraud here persuaded card issuers, merchants and payment processors to finally make the switch to chip cards, despite the higher costs of the new cards and readers.

In 2013, hackers stole about 40 million credit card numbers from Target. Likewise, in an attack last year on Home Depot, criminals got information on about 56 million payment cards. Only a small fraction of cardholders actually were fraud victims, but the exposure put a spotlight on the vulnerability.

Credit and debit card fraud now costs credit card issuers about $7 billion a year in the U.S. — about half in brick-and-mortar stores and half in online transactions, said Oxman. The new chip cards should help stop thieves from making purchases with counterfeit cards, which accounts for about two-thirds of all card fraud in retail stores, he said.

But it won’t help with online fraud, he added, since “we don’t have chip readers at home.”

Visits to local retailers indicated many still don’t have the chip readers either, only weeks before the Oct. 1 “liability shift.”

Around the corner from Tyson’s record shop, Jen Singh, co-owner of Garage Door Studio, a craft boutique and art center, said credit card payment processor Square alerted the shop about three weeks ago that it needed to upgrade. The co-owners ordered a new terminal but it hasn’t arrived yet.

“We’re glad they notified us, because otherwise we wouldn’t know what to do,” she said. A victim of personal identity theft about a year ago, Singh said she’s glad to see the move to more secure cards. In her case, the thieves opened several fraudulent credit card accounts using her stolen information, she said.

“It kind of haunts you for a while,” she said. “I’ve had to freeze everything.”

Dennis Young, owner of The Beer Growler, a nearby craft beer seller, said his business hasn’t been hit by many bad credit cards, so he’s not too worried about fraud. But recently he ordered an upgraded terminal, and he now has one of the new chip cards in his own wallet.

“I better get it done,” he said. He hadn’t received the terminal as of last week.

He’s still trying to get the hang of using his new card, which requires the user to plug it into a terminal and leave it there until the transaction is completed. It’s also a bit slower than the familiar swipe-and-sign routine, he said.

“I’ve done it wrong every time,” he said with a grin. “I guess a year from now, everyone will do it perfectly.”