Bee Investigator

Computer chip credit card technology means shift in liability for fraud

A chip credit card. The Associated Press

In our early 20s we act put out every time we have to produce identification to buy an adult beverage.

As we get older and carded with less frequency, we wish bartenders would again ask for proof of legal drinking age.

Whether needed to purchase a beer or to use a credit card to buy a new outfit, we should always be grateful when a salesperson asks for identification because, either way, it’s for our protection.

Oakdale resident Jeffery Wilbanks wishes the clerk at Target in Riverbank would have carded the woman who stole his wallet before she used his credit card and debit cards to rack up $1,100 in purchases.

If the name alone wasn’t enough of a red flag, the woman’s purchases should have been. Along with some DVDs and an expensive vacuum, she bought $700 in Visa Gift Cards – money she could spend long after Wilbanks canceled his credit cards.

“We protect our guests by relying on electronic authorization by the cardholder’s bank as the primary approval method for every credit transaction,” Target spokeswoman Molly Snyder said in an email. “This system allows for fast and accurate transactions without the need to check for photo ID and is the system preferred by credit card companies.”

Given that the credit card company most of the time takes the loss in a fraudulent purchase, I question whether they prefer this method. Electronic authorization only means the card hasn’t yet been reported stolen.

Thieves know they have to act quickly if they have the stolen card in hand and are using it at a brick-and-mortar business or using stolen information to make online purchases.

Wilbanks’ card was used within a half-hour of being stolen.

I don’t want to single out Target, though. From my personal experience, it seems most companies don’t require their employees to check ID.

“A lot of time that’s the way security is looked at,” said Michael Buratowski, vice president of Cybersecurity Services. “Companies make decisions off of the risk of something happening versus the cost of trying to prevent it and the liability of when it does happen.”

For years, credit card companies, or sometimes cardholders, have taken the hit for fraudulent transactions. But beginning this month an agreement between retailers and major credit card companies to adopt greater security measures will, in some cases, shift the liability to the retailer.

If you haven’t already got your new chip card from your bank or credit card company, you will soon.

These new cards are equipped with square computer chips on the front of the card that create a unique set of data for each transaction. The traditional magnetic stripes use unchangeable data that, if stolen, can be used by the thief over and over again until the card is flagged.

“If the unique data on the chip were to appear more than once, the transaction will be flagged as fraudulent and wouldn’t authorize,” said Carolyn Balfany, senior vice president of product delivery at MasterCard.

The chip cards will reduce fraud by making it more difficult to manufacture fake credit cards with stolen information.

However, most businesses still don’t have the terminals that can read the chips, so the new cards still come equipped with the less secure magnetic stripes.

Here’s where the shift in liability comes in.

“The liability shift protects the entity – be it merchant or bank – who offers the greater level of security by holding the other entity with less secure systems responsible for fraud,” Balfany said.

For example, if a chip card is used to make a fraudulent purchase at a terminal without chip technology, the business eats the cost. The liability shifts to the business because it didn’t invest in the technology.

If a fraudulent purchase is made with a chip card in a terminal that accepts that technology, the liability is back on the credit card company.

Target, by the way, is one of the retailers leading the industry in bringing the technology to the United States. It updated its terminals ahead of schedule in August.

“I think when a merchant feels the pain of being liable they are going to be much more inclined to” upgrade the technology, Buratowski said.

The United States is actually behind the times when it comes to chip cards because the majority of them don’t require PINs, or personal identification numbers. More than 80 countries already use chip cards and have a second level of security by requiring a PIN for both debit and credit card transactions.

“The U.S. is the only major market where counterfeit card fraud continues to grow – we account for 25 percent of the world’s digital payments and almost 50 percent of its card fraud,” Balfany said. “The 80-plus countries that have already adopted chip cards have seen their counterfeit card fraud decrease by hundreds of millions of dollars.”

The credit card companies may be giving Americans time to adapt to the chip cards before introducing the PIN components, but they are leaving out an important security component, Buratowski said.

“We kind of stuck our toe in the water of security,” he said. “I think we will see an increase in card-not-present transactions online where there is no” chip reading device.

Without the PIN requirement, Buratowski said, merchants must still do their due diligence to compare the name and signature on the card with the name and signature on the photo identification of the person presenting it.

And as customers, we need to be patient and appreciative when a clerk asks for identification.

“This is a financial transaction that is going on; we should slow down and take it seriously,” Buratowski said.

Have a question for the Bee Investigator? Call (209) 578-2366 or email

Ways to help protect yourself from fraud

▪ Write “See ID” on the back of your credit card instead of signing it. If a salesperson still doesn’t ask for identification, take it upon yourself to show him or her anyway.

▪ If you don’t yet have a chip card, call your credit card company and ask for one. Some companies are issuing them as the older models expire but will send them to you upon request.

▪ Make sure you are using a secure Internet connection when doing banking online. Avoid banking using free Wi-Fi, like when you are on vacation.

▪ Always erase hard drives on electronics you are disposing of.

▪ Never let retail or restaurant employees walk away with your credit card. Pay in cash at places like restaurants where your card isn’t being swiped in front of you because that’s when thieves can use credit card skimmers to steal information.

▪ Be diligent about checking your bank account and charges to credit cards. Do a credit check once a year.

▪ If your account is compromised, have it flagged. That will alert you if any credit cards are opened in your name.

▪ Never carry your Social Security card or anything with the number on it in your wallet.