The EMV Move: Shifting Toward More Secure Technology
For more than four decades, magnetic stripe credit cards have been the standard in the United States, while more than 1.34 billion EMV (also known as “chip-and-PIN”) payment cards are already in circulation in more than 130 countries around the world. Change is coming to America.
MasterCard and Visa have both incentivized the transition from magnetic stripe-based credit card processing to chip-based credit card processing for retailers who upgrade their equipment to EMV-compliant technology that accepts both contact-based and contactless payments. One of these merchant incentives is the ability to opt out of yearly data security compliance audits if a certain percentage of the merchant’s transactions involve EMV technology.
By October 2015, liability for a counterfeit card transaction that occurs at a merchant who has not switched over to a contact chip terminal will shift from the card issuer to the merchant services provider, who could then pass those costs along to the merchant through additional fees.
The reason behind the shift from magnetic stripe cards to EMV cards is the move towards more secure technology. The black, brown or silver band on the back of your credit or debit card is the magnetic stripe. It is made up of minute, iron-based magnetic particles which store data, such as your account number. The data stored on the magnetic stripe is accessed when the card is swiped through a card reader. This technology is highly vulnerable to fraud due to the affordability and availability of card reading and writing tools on the market. It is easy for criminals to decipher the data stored on the magnetic stripe, which makes it prone to an illegal activity known as “skimming”.
Skimming occurs when the data stored on your card’s magnetic stripe is illegally copied and the stolen data is burned onto a blank card, creating a counterfeit card that can be used like any normal credit or debit card. Skimming often occurs at ATMs and sometimes when you pay at the gas pump. So-called “skimming devices” can be bought legally online for around $200. They record card numbers on a memory chip. Criminals attach the skimmer to the credit card scanner on the pump in a way that makes it undetectable to most people.
The primary verification method for online purchases is to request the CVV number (or credit verification value) visibly printed on the back of the card itself. The only way to have access to the number is to be in physical possession of the card.
Unlike magnetic stripe-based credit card processing, EMV technology has more advanced security features that involve encryption. Encryption, in its simplest terms, scrambles the data. EMV transactions create unique transaction data, so that any captured data cannot be used to execute a new transaction. In other words, instead of static security measures such as PIN codes, EMV payment cards bring dynamically generated codes into the transaction through techniques called Dynamic Card Verification Value or Dynamic CVC3 Card Validation Code. In both processes, a unique value is generated for every transaction, which the network authenticates in real time.
Additionally, the cardholder verification process ensures that the person attempting to make the transaction is, in fact, the legal cardholder. EMV supports four cardholder verification methods: offline PIN, online PIN, signature, and no cardholder verification.
In contrast, the only possible verification option with traditional mag stripe credit cards is to check the ID of the presenting cardholder, which has inherent problems. First, it may create a false sense of security; second, it is usually done infrequently.
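The following is an added illustration, not part of the original article and not the algorithm from the EMV specifications. It models the idea of a per-transaction value that the issuer authenticates, using HMAC-SHA256 as a stand-in and hypothetical names (Card, Issuer, cryptogram), to show why a captured transaction message is rejected when it is presented again or altered.

```python
import hashlib
import hmac
import secrets

def cryptogram(key: bytes, counter: int, nonce: bytes, amount_cents: int) -> bytes:
    """Per-transaction code: a MAC over the counter, terminal nonce and amount."""
    msg = counter.to_bytes(2, "big") + nonce + amount_cents.to_bytes(6, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Card:
    """Chip model (assumption): holds a secret key and a transaction counter."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def authorize(self, nonce: bytes, amount_cents: int) -> dict:
        self.counter += 1  # never repeats, so every code is unique
        return {"counter": self.counter, "nonce": nonce, "amount": amount_cents,
                "code": cryptogram(self.key, self.counter, nonce, amount_cents)}

class Issuer:
    """Network side (assumption): shares the card key, remembers the last counter."""
    def __init__(self, key: bytes):
        self.key, self.last_counter = key, 0

    def verify(self, tx: dict) -> str:
        expected = cryptogram(self.key, tx["counter"], tx["nonce"], tx["amount"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "declined: bad code"
        if tx["counter"] <= self.last_counter:
            return "declined: replayed counter"
        self.last_counter = tx["counter"]
        return "approved"

def demo() -> list:
    key = secrets.token_bytes(32)            # constructed sample key
    card, issuer = Card(key), Issuer(key)
    first = card.authorize(secrets.token_bytes(4), 2599)
    results = [issuer.verify(first)]         # genuine transaction
    results.append(issuer.verify(dict(first)))                # captured copy, resent
    results.append(issuer.verify(dict(first, amount=99999)))  # captured copy, altered
    second = card.authorize(secrets.token_bytes(4), 1200)
    results.append(issuer.verify(second))    # next genuine transaction
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

A magnetic stripe has no counterpart to the counter or the keyed code: the same static bytes are sent every time, so the issuer cannot tell a copy from the original.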
EMV is already the gold standard for credit and debit cards internationally. The time has come for the U.S. to experience the potential benefits of these smartcards: reduced risks of credit card fraud and enhanced international acceptance.