Vermonster wrote:I was thinking about this today on my way to work. The idea behind EMV is that it prevents skimming the mag strip, but for right now most places will swipe the card first then the reader will tell them to use the chip reader instead. So with that swipe your card is just as likely to be skimmed. And as far as I know the mag strip still contains all the data for those instances that a chip reader is not available.
But the other big issue to me is that most skimmers appear to be attached to ATMs and gas pumps. These seem to be exempt from the EMV changeover due to the complexity of swapping out the readers. I don't know about you guys but our family is swiping cards at gas pumps 2-3 times a week. That worries me a lot more than the once a month Macy's or WalMart purchase.
Your concerns are valid, but EMV does in fact make your card more secure.
The type of fraud the chip fights is counterfeiting your card, and so as long as mag stripes are still being used, your card can be vulnerable. But gas stations will have their own liability shift in a couple of years as well. The delay could be due to the fact that where you buy gas is a lot more predictable than where you buy other things. The stripe itself, for chip cards, contains a key indicating whether the card has a chip - and your issuing bank knows this. So if someone copied your chipped card's magnetic stripe and then flipped the switch to whether the card actually has a chip to 'no', it won't match the bank's information while trying to authenticate the mag stripe and thus the transaction will be declined. If they don't flip the switch, they would only be able to use it at non-chip terminals, or more to the point, gas stations. Again, since where you get gas is more predictable, it's a lot more likely that your bank's fraud detection mechanism will see it right away and shut off the card.
Is it perfect? No. There is no silver bullets when it comes to security and there is no alternative to you monitoring your transactions closely. But this is merely making the card side of the system more secure, not absolutely secure.