But despite having many other countries to use as models for how to go about updating credit-card technology, the first five months of the EMV transition in the United States have been fraught with delays, complications, and concerns about whether chip-enabled cards will really help mitigate fraud. Especially bewildering was the decision to provide chip-and-signature cards, rather than the chip-and-PIN cards (used in most of Europe) that require people to input a PIN in order to use their cards, rather than just signing for their purchases. If the whole point of the EMV transition is to bring U.S. payment technology up to speed with the rest of the world, why do most U.S.-issued cards still not allow for the more-secure PIN verification? Or, put another way, why is the United States so determined to have the least-secure credit cards in the world?

The fights over how America deals with credit-card fraud and who pays for it have flown under the radar in part because almost no consumers ever have to cover any of the fraudulent charges made on their cards. But this idea that cardholders are insulated from the effects of fraud is not entirely accurate—dealing with fraud is irritating and inconvenient, and they do, ultimately, pay for fraud through costs such as interchange fees and interest. Moreover, as industry actors get better at reducing the types of fraud that they have to pay for, there’s greater risk that fraudsters will shift their focus from counterfeiting cards to activities such as opening new cards under someone else’s name. Dealing with identity theft can be much more costly to individuals than dealing with stolen credit cards, and the legal protections shielding consumers from being held liable for those costs are much murkier than the clear-cut rules limiting an individual’s liability to $50 in most cases of lost, stolen, or counterfeited payment cards. So even though the EMV transition does not actually shift any responsibility onto card users to cover fraud costs, it could still have significant impacts on them in the long term.

Understanding the slow, tortured process of the ongoing transition to microchip cards in the U.S. requires a closer look at how all of the companies involved profit in different ways from credit-card transactions. Nearly every transaction involves three parties: a retailer that accepts the card, a bank that issues it, and a processor that facilitates the payments between the first two parties. For example, when I try to buy a train ticket at Charles de Gaulle with my Bank of America MasterCard, the French train system, Bank of America, and MasterCard all get a cut of the payment. But if someone else uses my credit card to make that purchase, those same companies have to figure out how to cover the costs since I, the customer, am not held liable for fraudulent charges. So rather than trying to eliminate fraud, all of these different companies are trying to reduce their own obligation to pay for it when it happens.