I have my credit card notification preferences set up to send an email any time a charge is made over $1. I can spot a fraudulent charge very quickly this way. Hasn’t happened yet, fortunately.
I have yet to find a merchant who has their chip readers set up for use. The slot is on the device, but not programmed.
I have seen the chip reader active at Wal Mart, Home Depot, Target, and Trader Joe’s, although some merchants do have chip reader hardware that is not activated.
My mistake … I have tried to use the chip reader at Wal Mart, but it (my chip card) did not work; so I had to swipe instead. My very recently opened Red Card account with Target came with a card without a chip!! No Trader Joe’s nearby and I haven’t shopped at Home Depot in quite some time.
@NJres I agree. We are discussing using seperate cards for online and normal purchases to see if that makes a difference. I use credit for pretty much everything, then we pay it monthly, so my card is everywhere - stores, restaurants, Amazon, etc. My biggest concern are restaurants. Here you hand over your card to someone, who takes it out of your sight then brings it back…
I had to use the chip reader for the first time at Trader Joe’s this past weekend. It was a different store from the one where I usually shop. The cashier had to show me how to insert the card into the reader.
I monitor my card use pretty closely – almost always on a weekly basis. Mostly just to keep track of my own expenditures-- I download everything into Quicken and categorize it so it’s pretty easy for me to generate reports at tax time. So I’d spot anything fishy. I do have alerts set up for larger than typical charges on cards I regularly use, and for any charge at all on the cards that I rarely use.
I have been through this 4 times with my Target Visa card (I am a slow learner). The first 4 times, Target sent me a new card with only the last 4 numbers changing. The 5th time they sent me a Target MasterCard with a chip.
The fraud reps I spoke with said typically the bad guys will first try a smaller transition (often on one of those squares for phone cards.) If that works, they will quickly start making purchases online while their partner in crime is printing an actual card and running to the stores to have fun.
The frequency for fraudulent transactions on my card is also high. @LKnomad and I must hang out at the same hotspots!
I have had seperate cards for on-line vs. non-on-line purchases for over 10 years now - it was a recommendation made by a policeman during an internet security talk. The funny thing is the on-line card has not been compromised in many years and as I mentioned above the other one has been replaced several times.
@Kajon well I know that Target is not the culprit. I have a Target red card that never gets hit. I use it only at Target. We must have similiar spending habits.
It surprises me that the U.S. is so far behind with the chip cards. We’ve had them in Canada for about ten years.
@VeryHappy They would also need to have your PIN in order to use a chip card.
US cards are PIN and Signature - there is no PIN. For some reason US banks do not want to implement Chip and PIN technology.
I have a chip card that does not have a PIN number. I wish they did use a PIN number. I called to ask if they provided a PIN and they told me that the US PIN cards do not require it. I am not sure that is only Capital One or all bank cards issued in the US.
My cards with a chip don’t require a pin…plus to be honest, given hot crappily many processors protect card info, there is no guarantee that the pin won’t be compromised. Part of the problem is that the stores and processors are not held criminally liable when breaches happen, they make it sound like the hackers that steal card numbers are these gangs of sophisticated hackers breaking sophisticated systems, when many of the companies involved have crappy or non existent security. For example, up until not long ago many of the bank cards stored customer information in human readable form, and encryption is not foolproof (a one way hash is). Likewise, using the merchant number of the credit card can stop people who have stolen credit card numbers from using them online, but a shockingly large number of vendors don’t ask for them (that obviously won’t work if the employee of a store or restaurant takes a picture of your card that shows the 3 or 4 digit code). Congress has refused to act, attempts at passing laws making financial institutions and others liable when they get hacked have been stymied for years.
The reason is the beancounters, they don’t want to spend the money on new technology, the basic credit card system has been around a long time, and even with things like where Target was breached, it was because they use some processing firm that probably was the low bidder on a contract, and that company had dismal security that allowed hackers to put a trojan horse in their systems (in large part, because they didn’t secure the admin accounts on the system very well).
One way that would make cards a lot more authentic would be 2 factor authentication, as i mentioned before,where when you used the card you get a text on your phone with a code, that you would have to enter on the credit card machine and/or use online. The code is a one time thing with each transaction, so even if someone for example was looking over your shoulder, and saw it, it would not work the next time you used the card, since that would be a new code. Unless a hacker had some sort of thing on your cell phone that allowed them to see the text sent with the 2fa code, they couldn’t use the card even if they had the number and the 3 or 4 digit number. Some services are doing that with passwords, basically when you log in your username, it sends a challenge code to your cell phone and that is the password for that session, so the technology works and it relatively crack proof since the challenge code only works 1 time, it is new each time.
Most US cards with chips are “chip and signature” (not PIN and signature), as opposed to “chip and PIN”.
It may be that the reason banks are hesitant to implement “chip and PIN” is that PIN in the US has historically been associated with so-called “debit” transactions (although both credit and debit cards can make either type of transaction these days).
I’m glad they don’t have PINs. I have a hard enough time remembering my ATM PIN number… if every credit card had a different PIN, I’d never keep track of them. So I’d end up putting the same PIN on all of them, or else I’d carry a little piece of paper in my wallet with all my PINs written down, neither of which is secure. I’ve got a password manager for online transactions … but I honestly don’t want to be standing at the pump at the gas station unable to fill up because I can’t remember the PIN. I don’t think PIN’s are particular secure anyway.
If someone is spending $400 at a 7-11 they are probably buying gift cardsThen they can spend the $ from the gift cards even after you’ve shut down your credit card.
The interesting thing is that 7-11 has security cameras that photograph folks, especially when they attempt a CCard purchase. That’s how they caught the thief that burgled us and neighbors. They were trying to use neighbor’s stolen CC and were caught by another neighbor who was working, on camera.
Did neighbor employee recognize the name on the card and realize the crook purchaser wasn’t the legit owner of the card?
No. The card was flagged when thief tried to purchase using the machine in the store.
Pins are a pain in butt, and it is why the 2fa method may be better. Given that most people have cell phones these days, there is no reason you can’t have a unique code sent to the phone of the cardholder, and can put it in the card machine (like the 3, 4 digit id on the card), even a simple message “is this your transaction”, and you respond to it. Because the code changes with each use, it doesn’t matter if they have some sort of rogue code picking them up. The only way a hack would work is if the scammers hacked the issuers systems and made it so they knew the codes, but that would mean limited the possible sequences, and that would be noticed pretty fast. With that, it would be very difficult to hack anything, it would mean not only stealing card accounts, but changing the associated cell phone numbers, which if those are kept secure, would not be easily changed. Nothing is perfect, but the current system that relies on the credit card number alone is just easy pickings, whether it is compromising a system, someone copying the card number expiry and user name, or where they steal the information when you swipe it through the reader on an ATM or credit card machine.