It’s holiday season, which means you are almost certainly going to receive (and give) a plastic gift card during the next few weeks. When you (or they) try to spend it, a familiar process will occur: You will swipe the card’s magnetic stripe, even if you are shopping at a major retailer like Target or Walmart. This action might give you pause to ask a question: “Where’s the chip?”
The past several months have been dominated by talk of the Europay, MasterCard and Visa, or EMV, conversion with chip-enabled credit cards replacing old-fashioned magnetic stripe technology. Stores have painstakingly changed their point-of-sale terminals so consumers can use their spiffy new credit cards. These cards are considered harder to counterfeit since the chip’s security code changes during each transaction. They’re meant to cut down on in-store transaction fraud (though the chip won’t protect you when making online purchases). But gift cards — whether issued by stores or even general purpose versions issued by banks – come with no such protection. Instead, they’re stuck with the old magnetic stripe technology — and probably for quite some time.
“No one will bother issuing EMV gift cards,” said Avivah Litan, a fraud analyst with consultancy Gartner. “(That would) eat up profits.”
Officials at the EMV Migration Forum gave essentially the same answer.
“We haven’t heard of any gift card programs going to EMV yet,” a spokeswoman said in an email. “(We are not) aware of any branded stored value cards with EMV yet, either.”
A Bigger Fraud Target?
It’s not that gift card fraud isn’t a concern. Quite the opposite. Gift cards are a stunning $124 billion a year market, according to 2014 data from CEB TowerGroup, making them a huge target. Search “counterfeit gift cards” on Google, and you’ll see endless police blotter items about identity theft criminals being nabbed with a cache of fake cards. All those credit-card-skimming and counterfeit card-making skills rendered ineffective by chip cards are still perfectly profitable with gift cards. And this summer, Chris Uriarte, writing for PaymentsSource, sent up a flare predicting that conversion to chip credit cards will push criminals towards the digital version of this same gift card problem.
“As the United States begins its efforts to reduce credit card fraud by transitioning to EMV, another type of card — the online gift card — could see its fraud risk skyrocket,” he wrote.
It has already been suggested that in-person credit card fraud would morph to online fraud as chip cards become more prevalent, given their protections only kick in when you dip your chip. Online gift card fraud will also rise, Uriarte predicted.
Adding some confusion to the discussion is the growing popularity of stored value/prepaid debit cards — which are a bit like disposable checking accounts, but can also be given as gifts (though that’s inadvisable, since they often feature higher fees). A few stored value issuers offer chip cards, but given the expense of upgrading, that conversion, too, will likely take much longer.
Gift Card Safety 101
So what’s a consumer to do? First, there’s a good reason you haven’t heard much about updating gift cards to EMV technology: The risk to consumers is considerably lower. Unless gift cards are linked to credit cards (which happened in the infamous Starbucks “hack”), the most consumers stand to lose is the value of the card. Contrast that with loss of a debit card, which theoretically could allow a criminal to drain the entire contents of your checking account.
And there’s good news about protecting the value on the gift cards. While gift cards don’t come with the same federal protections as credit cards or debit cards, increasingly, issuers now permit consumers to register them — which critically allows consumers to recover the balance if a card is lost or stolen. Some cards also permit use of a security code.
It might make you seem a bit stuffy on Christmas morning, but consider this part of the present: The moment you give a loved one a gift card this holiday season, make her or him pull out their smartphone and register it. You can tell them hackers are coming and ready to play The Grinch. Because there’s a good chance, they are.