Say goodbye to the swipe! (And for good reason.)
Now when you make a purchase at your favorite store you will “dip” your payment card instead of swiping the magnetic strip. And while the change on your end is nothing more than a flick of the wrist (or lack there of), it’s a huge step forward in terms of securing payment card data.
Why the change? Because by dipping your payment card you are able to transmit data using the more secure microchip. This new method is known as EMV. (Commonly referred to as chip cards, smart cards, chip-and-pin, and chip-and-signature.)
EMV is a set of standardized protocols for microchip-embedded cards and the specialized payment terminals required to accept these cards. EMV terminals read card data from a small microchip — you might already have one on your debit or credit card, if not, your bank will likely replace it with a chip-enabled one soon.
The chip provides added security in two ways:
- EMV makes it more difficult for card data to be “skimmed” by cybercriminals.
- EMV makes it hard to create counterfeit cards.
Many developed nations migrated to EMV more than a decade ago; however, the U.S. is just now widely implementing EMV thanks to the impending “Payment Liability Shift.” This shift will take effect October 1, 2015.
Here’s an EMV breakdown and what it means to consumers:
How does EMV secure my information?
EMV reduces the risk of point-of-sale data exposure as well as card-present fraud by using a unique code for every transaction.
When you make a purchase, card data is transmitted from the microchip on your credit card to the payment terminal. The chip creates unique transaction data that will only be used once. Traditionally, magnetic strips transmitted static transactional data, which used the same information for every transaction.
Hackers would target point-of-sale devices — the Target and The Home Depot data breaches are prime examples — to steal this data and make counterfeit cards or sell the information on the black market. Now these terminals will prove less fruitful for hackers and other fraudsters.
EMV also thwarts card-present fraud by preventing replicated payment cards. If a counterfeit credit card attempts to reuse transactional data that was stolen from an EMV card, it will be denied since this unique code will only be used once.
What does EMV stand for?
EMV stands for Europay, MasterCard, and Visa, the three companies whom originally created the security standard.
What is the Payment Liability Shift?
The Payment Liability Shift is an industry-wide movement that will hold merchants liable for card-present fraud starting on October 1.
Card-present fraud includes physically stolen and counterfeit chip cards. This liability was traditionally the obligation of the issuing-bank. Merchants will still not be liable for card-not-present fraud (such as online or over-the-phone transactions).
This shift was spearheaded by the Smartcard Alliance.
How do I “dip” my card?
At chip-enabled terminals, insert your card with the chip pointing towards the payment terminal. Make sure your chip is facing up. Once inserted, do not remove until the transaction is complete. You may be prompted to enter either a signature or a PIN.
If a payment terminal is not chip-enabled, you may still swipe your card’s magnetic strip. As the consumer, you will not be liable for fraudulent charges when using either method.
Is the card dip my only option?
No, EMV also supports Near Field Communication (NFC or tap-and-pay). Your card must have dual-interface to be scanned using NFC. There will be a small symbol on both the card and the payment terminal indicating that contactless payments are supported.
How much will it cost?
Consumers lucked out in this regard. Your bank is eager to send you a chip card since it saves them money by shifting the liability to incompliant merchants. It is likely you will receive a complimentary chip-embedded card from your financial institution, if you have not already.
However, merchants will have to bear additional costs for both migrating to EMV technology and future fraud costs for not complying with the Payment Liability Shift.
How has EMV thwarted fraud around the world?
There are an estimated 1.24 billion EMV-enabled payment cards and 15.4 million POS terminals currently in use, most of them in other countries.
The UK has been the poster child for EMV adoption. The Federal Reserve Bank of Atlanta reports that in 2004, prior to EMV, the UK’s card fraud rate stood at .14 percent per transaction value, compared to .05 percent in the U.S. — providing the necessary incentive for early adoption in the UK.
Upon rollout of EMV, domestic fraud in the UK plummeted by over 34 percent. It was clear EMV had successfully mitigated losses in card-present fraud — something the U.S. should also anticipate. Unfortunately, card-not-present fraud began to pick up within a few years, especially due to the growing popularity of online shopping.
The U.S. should accept a similar outcome and should anticipate online retailers becoming bigger data breach targets, as their credit card data would be less secure.
So my credit card is now fraud-proof, right?
Sorry, that’s not how it works. Since EMV doesn’t protect over the phone transactions or online payments (card-not-present fraud), fraudsters still have viable methods of exploitation.
You should continue to review your bank statements for signs of fraud and check your credit report to ensure no new lines of credit were opened in your name.
So what do you think? Will the EMV rollout be a success in the U.S.? Let us know your thoughts in the comment section. And be sure to subscribe to Fighting identity Crimes to stay up-to-date with the latest identity theft and fraud news.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.