Houston Flooring Warehouse owner Matt Stacy was shocked last year after two women came into the store to purchase over $30,000 in flooring with a stolen credit card.
"We proceeded with the purchase. I.D. matched the credit card that she presented," Stacy said.
Days later, the credit company notified Stacy the card was cloned and he could be on the hook for the money.
When EMV chips were introduced, they were supposed to make transactions more secure, but forensic investigator Colman Ryan says criminals are staying two steps ahead of the game.
"The issue is that the terminals...after three failed chip reads, it lets you swipe it," Ryan said.
This is how it works. A cloned credit card has a fake chip on it, but the stolen account information is stored on the magnetic strip. When the card terminal cannot read the chip after three attempts, a feature known as fallback will kick in, asking the user to swipe the card instead.
Ryan says that chip is essential because it signifies that the card was physically present during a transaction, which would protect the merchant against fraudulent charges.
"But if it's a situation where the card was cloned and the chip not read, you can have a real liability problem where the merchant will be liable rather than the bank," Ryan said.
And the equipment needed to duplicate cards is easy to obtain.
"[For] $75 to $100 dollars, you're going to get the whole sheet match, box of cards, the burner, skimmer," Ryan explained.
ABC13 reached out to a few payment processing companies who said the fallback feature on these terminals is something that cannot be turned off, but it's up to the issuing bank to decide if the transaction will go through or not.
As for Stacy, he was able to recoup his lost funds and the women were eventually caught by authorities.
RELATED: Credit card chips can fall out, posing a security risk
Report a typo to the ABC13 staff