The FBI's Internet Crime Complaint Center (IC3) warned merchants and their customers to adopt "chip and PIN" rather than "chip and sign" for credit cards, because the latter is still vulnerable to Target-style data breaches, point-of-sale (POS) malware, and fraud.
The U.S. is the last major market to use swipe and sign cards, which is why half of the world's credit card fraud happens in the U.S., even though it accounts for only about a quarter of the total credit card transactions.
Starting this month, U.S. retailers who haven't adopted new systems that accept chip and PIN cards will be liable for damages if they lose their customers' credit card data. On the other hand, if the retailers' POS systems support chip and PIN cards but the banks haven't made that type of card available to their customers, the banks would be liable. The point of this "liability shift" is to get both retailers and banks to invest in the migration towards secure credit card systems at the same time.
The FBI warned that although chip and sign credit cards are more secure than magnetic stripe cards, they are still vulnerable to fraud. The credit card data can still be stolen by infecting POS terminals with malware, and then the cards can be counterfeited. Those cards will also be used in online transactions where there isn't a merchant to verify the physical card.
The new POS systems that support the chip and PIN credit cards also support contactless payments, which should give a boost to mobile payments services as well, such as Apple Pay and Android Pay.
Samsung Pay was built around the idea of magnetic swipe cards, thanks to the acquisition of LoopPay, which has now been made obsolete by the migration to chip and PIN. However, Samsung saw this change coming and also added the option to use Samsung Pay as a chip and PIN card, following the EMV standard. Unlike Apple Pay and Android Pay, though, Samsung Pay works more like Google Wallet did by hosting the generated virtual credit card number on Samsung's servers, rather than on the device itself.
Because some large banks continue to issue chip and sign credit cards, this could be an opportunity for the more secure contactless mobile payments to take off: all such services already require a PIN or fingerprint authentication, and they already come with chips or other similarly secure solutions for storing credit card information.
Phones that have fingerprint authentication should offer still greater protection, because although a four-digit PIN can be cracked within 10,000 possible tries, it's much more difficult to crack the fingerprint authentication.