A few random thoughts, some more, and some less related to the topic at hand.
Sensible question. So I give her the pat answer of the chip is more secure and the bad guys can't skim your information with a nearly invisible scanner slapped to the front of the ATM anymore.
But then later, it occurred to me: the new cards still have stripes, and they have to be backward-compatible with current point-of-sale fixtures.
So... the bad guys can still skim the card... they are just going to be restricted to store that don't use chips! Or am I missing something here?
1) Knowing relatively little about computers, and much more about mechanical systems, I would offer the following (only speculation): The data encoded in the magnetic stripe is read by passing the card through a reader, over its full length, from one end to the other. When using the chip interface, the card is plunged part way into a socket / receiver. The data on the stripe can therefore continue to exist on your card, and be useful for "old school" readers, but can't be skimmed by an unauthorized scanner slapped onto an ATM chip reader socket. As you and others suggest, it seems like the old vulnerability does indeed still exist, there are backward compatibility issues and transitional period to deal with. Until the magnetic stripes and their readers are a thing of the past, the better option would seem to be the chip, and probably for other reasons I haven't even conceived of.
2) Like others, I'm all but certain the day will come when I leave my card in the reader, a frightening thought. I would love some reassurance and enlightenment from others.......Does it now come down to mere physical possession of the card, or are there other security measures I'm not aware of? In a chip and PIN system, does the PIN you enter already exist on the card, in an encrypted form, and the point of sale terminal compares what you enter, with the data in the chip? Or does the POS terminal "fetch" that information from a remote server, and make the comparison to the value entered at the keypad to verify? If the former, it seems like again, simple possession of the card (and a little hacking) would be all that is necessary for fraud. If the latter is true, and there is more two way communication going on at the POS than I know, does it open up other possibilities? Ability to "kill" or deactivate a card from a remote location? Either at the customer's request, or worse, without his/her consent? Ability to "flash" new data to the chip, if you are concerned you may have been compromised?
3) I find it interesting some of the other security features which either persist, or never really took hold. As already pointed out, comparison of actual signatures seems like a quaint relic, and hardly ever happens any more, but they still give us that field on the back. The three digit "security code" on the back should be carefully guarded, I was taught; We give it freely and frequently, now. Around 1988 I got my first card with my picture on it; At the time, it seemed fairly advanced, I didn't know anyone else with that. Now, 25+ years later (gasp...) it too seems quaint and primitive as a security measure, but over the years, I regularly and still run into cashiers who have never seen such a card, find it remarkable.
I only get truly cranky when one of those cashiers looks back and forth at the card and me, a half dozen times, and asks........"Damn, when was this picture taken?"
