Credit Unions Have Moved to Chip Cards, but Thieves Have Found a Loophole

Have you tried to use one of the new credit or debit EMV chip cards at a retail terminal – only to have it not work, forcing you to swipe the strip? This is called “fallback,” and it was the subject of an interesting article in CUInsight.

The article, by Dave Chojnacki, chronicles a debate now ongoing within CUs over whether fallback transactions should be rejected, or whether they should be allowed to go through.

Making the right decision could be worth billions of dollars to CUs and their members.

The reason for this is fraud. More specifically, it’s about how fraudsters have found a way around the build-in security of the new chip cards.

It turns out that fraudsters are rigging retail terminals to “fail” the chip-insert method of reading the card – forcing the user to “fallback” to a swipe transaction.

As we all know, fraudsters can easily rig the swipe reader to collect card information that can later be used to steal the user’s account information.

Remember, the whole point of the move to chip cards was to thwart fraudsters. As long as this fallback option exists, fraudsters will have a ready means of continuing their crooked trade. All they have to do is force a fallback.

No Swipe, No Fraud

The obvious solution to this problem is to move to an “all-chip” transaction model by refusing to process swipe transactions.

But we Chojnacki points out, this would be extremely inconvenient for CU members. After all, there are perfectly innocent reasons for using the swipe method – including the many incidences where retailers have yet to upgrade to the chip card readers.

However, Chojnacki reports that, “Several circumstances have changed since this time last year, all leading up to a decrease in “legitimate” fallback and a rise in fraudulent fallback transactions.”

“Nearly all of the terminal configuration issues have been resolved, and while there are still many merchants that have not begun to convert their mag stripe terminals to chip-accepting terminals, the vendors in this space have the experience from other implementations to ensure that future conversions are less problematic,” Chojnacki said.

You can read Chojnacki’s article here: cuinsight.com.

Meanwhile, the fraudsters have increased their scams, finding new ways to force fallback so they can get at the easily-obtained strip data.

So, don’t be surprised if your debit- and credit card issuers soon put an end to fallback transactions. Remember, it’s the user that is on the hook for terminal fraud, not the merchant. If you’re using your credit union card, it’s your CU that is on the hook for that fraud. As a CU member (and part-owner), this fraud ultimately costs you money.

Copyright Today’s Credit Unions