The US began its transition to chip-based credit cards in earnest in October 2015, after high-profile credit card hacks in the previous years at Target, Home Depot, Michaels, and other big-box retailers. Today, although only 59 percent of US storefronts have terminals that accept chip cards, fraud has dropped 70 percent from September 2015 to December 2017 for those retailers that have completed the chip upgrade, according to Visa.
There are a few ways to interpret those numbers. First, it seems like two years has resulted in staggeringly little progress in encouraging storefronts to shift from magnetic stripe to chip-embedded cards, given that in early 2016, 37 percent of US storefronts were able to process chip cards.
On the other hand, fraud dropping 70 percent for retailers who install chip cards seems great. Chip-embedded cards aren’t un-hackable, but they do make it harder to use stolen credit card numbers en masse as we saw in the Target’s 2013 breach. Chip cards also can’t prevent against Card-Not-Present (or CNP) fraud, which takes place when card information is stolen online, by mail, or over the phone. If retailers upgrade to terminals that accept chip-embedded cards but leave their online marketplaces insecure, they can still leave customers open to fraud and leave themselves open to processing fraudulent payments.
Though chip-embedded cards offer a concrete way to reduce brick-and-mortar fraud, it’s unclear whether the transition will reduce fraud overall as shopping occurs at brick-and-mortar stores less and less often in the US. Between Q3 in 2015 and Q3 in 2016, US online shopping as a total of all shopping in the US ticked up four percent (and quarters beyond that out to September 2017 likely followed that growth trend). Accordingly, CNP fraud has also showed signs of increasing.