Chase announced at its investor conference earlier in the week that they’ll be switching their ‘chip and signature’ cards to ‘chip and PIN’ later this yaar.
Most US cards have only a magnetic strip on the back. That’s where card information can be found and read.
In much of the rest of the world, cards have an ‘EMV chip’ with encrypted information. It’s much more difficult to steal data from. (And a magnetic strip is easier to reproduce, too.)
In addition, some cards with chips require consumers to enter a PIN to validate a transaction instead of signing their name.
A PIN number is harder to guess than a signature is to forge. So cards requiring a PIN (“chip and pin”) are considered more secure than those merely requiring a signature (“chip and signature”).
Chase offers the following cards as chip and signature that they will begin offering them later this year as chip and PIN:
- British Airways Visa Signature Card
- Chase Sapphire Preferred Card
- Hyatt Credit Card
- J.P. Morgan Palladium Card
- J.P. Morgan Select Visa Signature Card
- Marriott Rewards Premier Credit Card
- The Ritz-Carlton Rewards Credit Card
There are two reasons people like this.
- The cards are harder to hack. But frankly that’s not an issue that should be as concerning to most consumers as to banks, to payment systems like Visa and MasterCard, and to Merchants.
- Ease of use at automated kiosks in Europe, though chip and signature cards can usually use a dummy pin to authorize such transactions.
Frankly I don’t want to have to remember PINs on all of my cards. Many readers are looking forward to this shift. I am not.
- You can join the 30,000+ people who see these deals and analysis every day — sign up to receive posts by email (just one e-mail per day) or subscribe to the RSS feed. It’s free. You can also follow me on Twitter for the latest deals. Don’t miss out!
I use the same PIN for almost all my needs. I’m ready for chip & pin
I hope they expand that list – I have 4 Chase cards and none of them are on it!
I will welcome it if I can be the one to choose the PIN. I just got back from 3 months in Amsterdam and could only use my CC in restaurants. I couldn’t even reload my transit card – I played “clueless tourist” at the reload machines until a local offered to load it if I gave them the cash (machines didn’t take cash either).
I don’t mind the chip part, the PIN is annoying, especially if you already have more than one debit card too. I will say that merchants in the US (or at least some of their employees) don’t yet know how to use their own chipcard readers. I literally had to process the transaction myself once because the person working had never scanned a chip card before.
@MoneyMateKate – HA! I used live in Amsterdam too, and the Dutch love their Chipknip cards. It got really annoying (at the time) not being able to pay for anything with a card (restaurants, supermarkets, and especially public transit).
I just used a chip and signature card (American Airlines Visa by Citibank) at a CDG kiosk to buy train tickets to the city with no trouble.
@Bill n DC – is it 1-2-3-4-5? That’s kind of thing an idiot would have on his luggage.
My Reserve wouldn’t work for train rides in Spain. (By the way, the trains in Spain run mainly on the plains.) I tried the cash advance PIN and 0-0-0-0. No dice.
I’m looking forward to having this option and am curious if we will be allowed to set them as we can on debit cards.
Will they be default Chip & PIN, or will they be Chip & Sig first, THEN Chip & PIN?
I look at this as a positive change – I’ve had more than a few occasions where having a chip & pin in Europe would make things easier and a dummy pin didn’t work. In my perfect world, my primary card will still be swipe & sign for the consumer protection but a backup card with chip & pin would be perfect for those occasions when my only other alternative is cash.
It’s not really a surprise. The card industry testified in Congressional hearings last week that it would switch over starting in 2015. Chase (which already has it for Hyatt cards) is starting earlier.
The real question is when stores will have the technology
But these Chase cards will also have a magnetic strip so they can be used in legacy processing machines, no? If the processing machine is not aware of the chip how can the chip provide extra protection when all you really have is a hybrid card that gives you the ability to use it in Europe and still get your info skimmed at home!
Sorry, but the recent Target/Neiman Marcus/Michaels etc breach makes this a necessary step, and consumers should be happy about it, despite the potential pain.
Personally I replaced all the credit cards we had that were used at Target, NM or Michaels. And I still don’t feel completely safe. A couple of friends have had numerous invalid charges show up on their cards and have had to be very watchful. Molly Wood ex of CNet and now at the NYTimes had her identity stolen and has written about it extensively:
http://bits.blogs.nytimes.com/2014/02/06/when-identity-theft-hits-home/
The chip part guarantees that the approach used to steal card info at Target et al wouldn’t work again. Doesn’t mean there won’t be a new trick deployed, but things have to evolve.
In my experience these cards (well, at least the BA and Sapphire Preferred) already work as Chip & PIN when you need them to. At automated kiosks if I put in the PIN for my Chase ATM card I was able to get them to work. So I can’t say this really matters too much to me.
This is great news in my opinion. Now I won’t feel like a loser when I’m over in Europe. Can just pay like everyone else.
Chase is aalready issuing the Chase Sapph Pref with chips. I received a new one in January 2014. I had a issue that required Chase sending me a new card and my new one has the chip.
Chip PIN are coming to chip & sign….whoops, I misread.
Silly question but would this change be considered significant enough to make it a NEW card, thus allowing us to apply for it again?
Can’t wait until everything is just on our phones and you can pay for things using a Starbucks type app.
There is a fair amount of misinformation going on here and I hope to not add to it, but here it goes:
The PIN is stored on the Chip in a Chip and PIN card. As such you cannot just change it willy nilly.
The reason the PIN must be stored on the card is that in some cases still (and in many cases when the technology was being built) it is not always practical or feasible to always have a live connection to the server at the time of the transaction. The PIN on the chip authenticates/secures the transaction in real time.
This leads to online and offline terminals. An online terminal is smart enough to know that an American Chip and Sign card does not have a PIN by checking in with the card processor’s server in real time. When you type in “0000” or some other PIN it will simply work as though you had swiped it, and not because it authenticated any code you entered. If you are at a manned terminal, it might print a receipt asking for a clerk to request a signature. In an offline machine, such as those found at some public transportation facilities, is not technologically feasible to check in with the server and, as no person is there to request a signature it will not be able to authenticate (one can argue the merits of a signature as authentication in a separate post). As such, any PIN you enter will not work.
This leads me back to Gary’s point about remembering his PINs, for now, I don’t think it will be too annoying. Choose one card you want to have a Chip and PIN for an remember it. If it ever becomes mainstream in the States we can start worrying about having to remember all our PINs when we go bean shopping.
Also, just to add, this should mean that we will have to be issued new cards that have a PIN embedded on them. In other words a bank cannot simply flip a switch to enable a Chip and Sign to become a Chip and PIN
@FFU +1
Complaining about having to remember PIN numbers for multiple cards when you’ve clearly mastered remembering to pay the bills on time is pretty pathetic
Another reason to love Chase – and no forex fees on these cards either.
Really how hard is it to remember a PIN? I use the same one for every card. Not the same risk as using the same passwords.
I have no idea what you mean by dummy PINS but none of my Chase chip+sig cards work overseas with 0000 or 1234. And I will never have cash advance PINs.
@EthaninSF Where in the US have you succeeded using the chip reader? The merchants I’ve tried in SF, SJ, LA and SD (and anywhere else in the US) don’t have their chip readers active. Walmart POS terminals have returned a “Card Read Error” when dipped with my Chip and PIN card, but people on FT have reported success.
I wonder if Chase will add the ability to change the PIN via ATMs, or if people will have to go into the branches to do this (that’s my bet).
Fantastic news! No more queueing in the long line at the train or tube station when there are vending machines available!
More importantly, what will happen to gift cards?
Both of my cards are on the list (BA and CSP).
FYI, Citi is finally rolling out Chip+Signature feature to some of their cards. We got an email about it on Citi Diamond and Citi Simplicity (not on Citi AAdvantage yet though).
Before everyone gets all giddy, do some Google searches. There are many ways to hack these, buy readers off Ebay, etc, looking over your shoulder. Without chip and pin you’re off the hook for what you report as fraudulent charges. With chip and pin, from what I’ve read, that’s not the case. The card issuer puts the onus on you now since they won’t recognize fraud in the old sense. Issuers have said no reversal of charges since you were the only one to know your pin. Not true though, there are ways.
All the Chip and PIN cards I have in Australia can have their PIN changed at an ATM or online. Not particularly difficult.
Last week I received a new Chase Sapphire Preferred card (new card number too) with the chip because I purchased something at Target during the hacking date window. The problem is that it’s a cheap plastic version. Can I call and ask for the metal version and still have the chip? I miss my metal version…
@ Rebecca D — AFAIK, chipped version were metal. My friend got one in November with a chip and I replaced my cards — in both instances they were metal. But it’s expensive to make chipped cards so perhaps Chase decided to save some money.
P.S. Not sure if it’s applicable but, for example, chipped Amex Platinum MB looks a little bit plainer than regular one.
P.P.S. Oh, don’t forget that most, if not all, Amex cards can be chipped — just have to call them.
@Rebecca D. – My Sapphire Preferred has a chip and is metal. Call them up and ask for it. They are very responsive.
I for one am overjoyed at this change. I’m a big boy and can remember a 4-digit PIN. Even a half dozen of them if necessary. Chip & PIN will make my upcoming travels in Europe much easier. I just hope “later this year” means before July. In fact, I’m going to call Chase tomorrow.
@Adam H #18 – you are exactly right. The Target breach is what is pushing this faster. To add to your post right now when a card gets hacked Chase (or other card carrier) is on the hook for fraudulent charges. When the CC companies hand out chip + PIN all merchants will need updated card swipe machines to handle them.
If Chase issues a chip + PIN, but Target (or other retailer) doesn’t have the proper card swipe machine to handle it the liability will shift to the merchant. That is why the CC companies are going to push out new cards quickly.
Thanks all! Just got off the phone with Chase and they are sending me a new metal version with the chip. The rep wasn’t sure why I received the plastic version other than maybe it’s because of all of the replacement cards they’ve been sending out in the past 2 weeks. As a side note, the wait time was 12 minutes. I asked if the direct answer benefit was no longer a benefit and he confirmed the wait was only because of all of the Target issue calls they have been receiving. Phew!
@Ivan Y – The Citi AA cards have had Chip & Sig for quite a while now.
@ Brian L — Oops! Had a brain cramp 🙁 Yes, my card has a chip – just don’t use it often enough to remember.
My heath club still uses the physical imprint card reader (big plastic handle swipes over the metal plate). I’m guessing I’ll be dead before they convert to chip and pin.
Anyway, the reason chip and pin is more secure is simply that you need TWO forms of authentication – something you have (the card) and something you know (your PIN). Since no one checks signatures, our current system is effectively one-factor authentication.
This is a welcome change. I travel to Europe regularly for work and I’ve mostly given up on Chip and Signature cards. Sometimes they work, but it’s not worth my time to play the guessing game of “Will it work?” each time I arrive at a ticket kiosk – especially when there’s a line of non-English speaking people wondering what the idiot in front of them is doing. I’m looking forward to a working Chip and PIN card, and sticking with cash until that comes along.
Will Chase consider the Chip&Pin card as a different product from the old version? Aka, will this present an opportunity to cancel and chip some chase card?
Still unclear whether it’s going to be PIN as primary or secondary method. If the former, this is big news. If the latter, it’s still significant, but not a big deal. The Barclays HA card is chip and pin secondary, and has no forex fee. I already have that one. The number of cases where chip and sig won’t work isn’t so high that I need more than one. I would like a true chip and pin primary but my guess is this card will be just like the HA card.
What will be a dummy pin to try in Europe?
If they are introducing Chip and Pin then they should just go the full way and introduce Contactless Payments.
About time. Citi should do the same. Citi also has the mc pay pass available.
In a call with Chase regarding my Sapphire card on Monday, they offered to send me the new card. It arrived yesterday.
@ProfP – did you get the new chip and SIGNATURE card or did you actually get chip and pin?
just got the Chase Sapph, it has a chip and is a harder plastic but not metal. i will call and request a metal one.
anyway, was just passing through Frankfurt and neither of us could use our regular or chip & sig cards at the train kiosk, obviously frustrating.
i do agree that this is a necessary move but as @gary has written before, then the fraudulent charge comes back to the consumer.
but i will be glad with at least one chip & pin card for things like unmanned kiosks. otherwise, we have never had an issue paying for anything with a non chip card in Europe, Middle East, or Asia so far.
The eternal battle between More Security vs More Convenience rages on…
I, for one, will welcome Chip & Pin with open arms
i got mine-chase sapphire 🙂
Chip and Pin would not have stopped the Target Breach. People need to stop pushing fake information. I’m in InfoSec. Chip and Pin will only protect you from someone trying to grab your card information with a RFID reader. Target breach was caused by malware being installed on their servers and POS terminals. Chip and Pin does not protect against that!