Haven't received your chip-equipped credit card yet? Here's why

In early 2014, shortly after 40 million Target customers may have had their credit or debit card data exposed by hackers amid a slew of similar cybercrimes, the retailer's executives told the Senate Committee on the Judiciary that changes were coming. Among them, the executives said: Once banks issued American customers the chip-loaded cards Europe's been using since the 1990s and stores retrofitted their checkout counters to work with the technology, crooks would have a tougher time stealing useful data. A couple of years earlier, card networks like Visa and MasterCard had set a deadline for most companies of Oct. 1, 2015. The deadline's passed, and only half of Americans have a chip-equipped card. Fewer than half of banks and credit unions have adopted chips, and barely one-quarter of retailers have, according to researcher Crone Consulting. “It's going at a snail's pace,” says Chief Executive Officer Richard Crone. The card companies say they'll likely need at least two more years for the transition from old-school magnetic stripes and that the Oct. 1 target wasn't meant to be firm. “It's not a deadline; it's more of a start line,” says Stephanie Ericksen, a vice president at Visa. Chip technology is more secure than magnetic stripes because the chips generate new authentication codes for each transaction, while the codes built into magnetic stripes are permanent and can be copied and stored by hackers for later use. Chip cards cost banks as much as $2 apiece, 5 to 10 times what the old ones do. For now, many of the cards banks are sending out have both stripes and chips, because most U.S. checkout counters haven't switched over yet. “It is a little bit of a chicken-and-egg thing,” says Vinnie Brennan, head of card services for payment processor Fiserv. “The merchants say, 'We don't want to upgrade, because there aren't that many cards in the market.' The financial institutions say, 'There's not enough equipment in the market.' ” When the card companies set the deadline, they told merchants to expect to shoulder the costs of fraud if they didn't make the switch. Target and Wal-Mart Stores have spent millions to outfit registers with chip readers that can cost $600 to $2,000 apiece. For most merchants, though, “It makes no sense,” says Greg Buzek, president of researcher IHL Group. That's because, he says, most stores' fraud losses are small. “We looked at the numbers and decided that moving to new payment devices didn't justify the cost,” says Caleb Mitsvotai, senior manager for innovation and technology at Panda Restaurant Group, which oversees 1,800 U.S. restaurants. Chip-reader adoption lags especially among small businesses, of which only 42% plan to make the switch, according to a survey published in June by software maker Intuit. Partly, that's because more security means less convenience, says Mr. Buzek. For the chips to work, cards have to stay inserted in a payment terminal throughout the transaction, and merchants worry that they could slow checkout and hurt sales, especially around the holidays. Some merchants are installing chip-capable terminals less for security than because the hardware makes it easier for customers to use loyalty program apps, says Mr. Crone. Walgreens switched in 2012 to get its program going, and Mitsvotai says Panda's will eventually justify a hardware upgrade. About 60% of U.S. cards and 40% of checkout counters will be chip-enabled by Jan. 1, according to the Payments Security Task Force, an industry group that includes Visa and MasterCard. Javelin Strategy & Research predicts that fraud at U.S. cash registers will decline from $6 billion last year to $5 billion in 2018 as chips become more prevalent. Ultimately, wider adoption may be the biggest motivator for holdouts to upgrade their own systems, says Bob Legters, a senior vice president at banking IT company FIS. “If you are the last guy in the neighborhood without bars on your windows,” he says, “you are going to get robbed.”