"Really, the chip things are an example of security theater. Yes, they're more "secure" in the sense of being harder to defeat"

Absolutely not!

In the US fraud may be small (but it's increasing). But magnetic stripes are very unsafe

Chip'n'Pin may have some issues, but it's much safer to most common attacks such as

- card stripers (very inconspicuous) - physical theft of the card (because it requires a pin)

And, as someone that had a striped card, it's a pain (even if liabilities are $0)

You're missing the point entirely. I'm not saying that chip & pin has no value. I'm saying that the value it has is finite (i.e. it saves money equal to the amount of fraud it eliminates) and needs to be weight against the cost of replacing all the card reader infrastructure. And I argue that the fact the US has not upgraded is an existence proof that the upgrade cost[1] outweighs the savings.

[1] Really the amortized upgrade cost. Remember that chips are dinosaur technology already, and have known problems. What's the point of doing an upgrade if you need to dump it all and start over in 6 years anyway?

The fact that the US has not upgraded is not an existence proof, it's simply one piece of supporting evidence. There are other possible reasons why the upgrade hasn't happened even if it makes overall economic sense - perhaps the cost of fraud and the cost of upgrades aren't borne by the same actors; perhaps there's some kind of game theoretic problem like a first mover disadvantage; perhaps the actors aren't acting entirely rationally.

It seems like the upgrade of terminal equipment could be done quite cheaply if it was done as part of the regular cycle of equipment refresh, for example.

"cost of replacing all the card reader infrastructure"

I'm not sure how many PoS are already equipped to deal with chip cards. In the USA/Canada it's hit or miss (most misses), and in Europe it was the standard 10 years ago (but most readers take swipe cards).

Replacing cards is cheap and they can be replaced as they expire

What would be the upgrade cost for each PoS? $100? Some systems are more integrated than others (like card reader integrated with the register as one device) so this may cost more.

Or maybe it's just a matter of issuing the cards to justify the stores to upgrade.

My previous U.S. card had a chip. The very recent replacement came without one.

So they aren't really moving in the direction of issuing cards with chips. I never actually encountered a situation where I was aware I could use the chip, over 5 years or whatever it was.

I've found that most Canadian retailers seem to support chip cards now.

It's not fair to just look at it in terms of the cost of fraud vs. profit. Consumers whose CC info is stolen aren't liable for fraudulent charges but it can still be very expensive and time-consuming for them to correct everything, not to mention the affect it can have on a credit score. And obviously, the consumers don't get any say in whether the costs to upgrade the infrastructure are worth it.

> Consumers whose CC info is stolen aren't liable for fraudulent charges

That's only if the credit card company believes or accepts your story.

I once reserved a flight by telephone using a credit card, but at the airport I paid for the flight with cash. Later I found that my credit card was charged for the flight. The airline said that they couldn't find any evidence that I had paid in cash, and even though their policy was to get a signature when paying by credit card, they could not produce my signature. But they still insisted that I had paid by credit card.

I complained to the credit card issuer, but they took the airline's word (United Airlines, by the way) over mine.

It's not enough that charges are fraudulent -- if the merchant is mistaken in their belief (or lying), you are on the hook!

Try to find the value of all swiped CC transactions. Then take 0.07% of that number. I'm guessing you'll be hard pressed to call the result "fairly small".