Step 3 is to remove your card when the transaction is complete. As mentioned above, different terminals may have different ways to indicate that it's OK to remove the card.
Are chip cards really more secure, and are they necessary?
Yes. Chip cards are light years ahead of magnetic stripe cards in terms of security. The main thing to know is that the chip in the card is communicating with the network behind the terminal to enhance security instead of just forwarding your card number and related data to the network, as with the magnetic stripe approach.
The chip can communicate a unique encrypted token (or an alias) with the network instead of your actual credit card number. That way, the network, and even the store, won't know your card number. When the token reaches your bank, it is decrypted so the bank can verify your account and then authorize payment. This all happens in a few seconds or less.
As to whether the security is necessary, the answer is again, yes, especially for banks, but not necessarily for card users. Obviously, it is in everyone's interest to reduce fraud where possible, and banks have long said that customers aren't held liable for fraud. That policy of keeping customers harmless will continue with chip cards. Enhancing security helps banks reduce the cost of paying for stolen card numbers and stolen merchandise, which theoretically keeps costs in check for average bank customers. In countries where chip cards have been used for years, as in Europe and Canada, fraud rates have dropped dramatically.
So if the chip makes the card so secure, why do I need a PIN or a signature?
The main reason for a PIN or signature is to provide the merchant (and the bank behind the card) further evidence that the user of the card is the actual owner of the card. If your card is lost or stolen, even with a chip, it can still potentially be used by someone else.
There's an ongoing debate as to whether a signature will really provide that added layer of security, since chip terminals don't verify in real-time that a signature belongs to the person using the card. The signature used by somebody committing fraud could be helpful in a subsequent investigation of fraud (using handwriting analysis), or a fastidious sales clerk might ask to see another card or form of identification to compare signatures.
A PIN is considered unique, but it can be stolen, even by a thief who watched a cardholder type in a PIN on a terminal before stealing the card. (That kind of theft is rare in the U.S. ) Some merchants want to avoid the added cost of terminals that have keypads, but nearly all the terminals being installed will have them. Another potential problem is that people who have never used PINs might have trouble remembering them.
Sign up for CIO Asia eNewsletters.