I was standing at a cash register the other day, waiting and waiting while my brand new credit card was parked inside the machine—you know, the one where you used to be able to do a quick swipe and then go. It was one of those awkward moments, like standing in an elevator side by side with a stranger, and you’re both staring the at the number above the elevator door, wishing it would hurry you to your destination.
“This new technology takes so long,” I said to the bored cashier who was staring at his terminal. He barely nodded. He was probably counting the minutes to his lunch break.
Finally, the terminal gave me permission to remove my card.
When I returned home, I decided to explore this new credit card technology further.
Why have we evolved to a process that seems to be more time-consuming, as well as requiring merchants to buy new card processing terminals and deploy the software to run them?
EMV cards—named after Europay, MasterCard, and VISA, which launched the standard—utilize an embedded chip to store credit card data. That magnetic stripe on the back of the credit card was too vulnerable to hackers, who use skimmers to copy the stripe (or is it “strip”?) and steal your information.
But the new EMV chip credit cards are more sophisticated.
When you insert (not swipe) your card—a process that has become known as “dipping,” “chip dipping,” and “card dipping”—the computer creates a unique transaction code, which is why it takes longer, I imagine. The data encryption in both the card and reader is specific to that one particular purchase, and can’t be used again, unlike the magnetic stripe data, which has no shelf life. Learn more here.
The EMV card is a major step in protecting fraud that results from duplicating a magnetic stripe, but it’s not a flawless solution.
Stolen Cards
What happens when your card is stolen? With an EMV debit card, you enter a PIN.
If the credit card thief can figure out your secret code, the security of the EMV chip is a moot point.
When you use your EMV card for a credit transaction, you’re asked to provide an authorizing signature.
How often does the cashier compare that signature with the one on the card? Have you ever had a machine reject your signature? Me, neither. So, you can imagine how well you’re protected when the EMV card is no longer in your possession, chip or no chip!
Online Buying
The EMV chip won’t protect you from online hackers.
In a Forbes article, eMerchantsBroker co-founder Blair Thomas referred to “The Great Fraud Migration.” The fraud levels for purchases in brick-and-mortar establishments have decreased when EMV cards are used for transactions. “And yet, overall fraud levels have not gone down,” says Thomas. “Why? Put simply, fraudsters just don’t give up. Close the holes in offline retail security, and they’ll turn their attention to easier targets. What we’ve seen in every country where EMV has been launched is that fraud moves to environments where “chip and PIN” isn’t available — like online retail.”
An Aite study of EMV purchasing when the card is not present (CNP) reported that this fraud segment represents 45% of the total in the United States, and it’s growing at 15% per year in online and mobile commerce.
In Canada, after the shift to EMV chip cards, counterfeiting cards declined 54%, but, conversely, the CNP fraud rose 133%! The Aite study projects that online fraud losses in America will total six billion dollars by 2018—twice the current figure.
Not in My Store
There’s yet another problem with the migration from magnetic stripe to EMV chip cards. The cost of converting the technology isn’t cheap. Each terminal costs between $500 and $1,000. At the end of 2015, about 37% of merchants in the U.S. had upgraded to EMV chip readers in their terminals, in spite of the October 1, 2015, deadline for doing so. A survey conducted by The Strawhecker Group of 92 payment service providers represented about half of the U.S. card-accepting market. Why wouldn’t all the merchants switch, particularly when the liability shifts away from them for fraudulent purchases?
Mostly, it seems to be a readiness issue. Small shop owners simply didn’t have the technical resources to meet the deadline. However, the Strawhecker study showed that 90% of merchants will be ready by the end of 2017.
How secure is your EMV chip card? Like anything else, you have to take responsibility—like wearing a seat belt. No one can do it for you. You need to follow sensible practices, which I’ll cover in a future article.
What do you think of the EMV card technology? Let us know on Twitter @LTronDirect.
About the Author:
Gayle DeRose is proud to be the COO and Marketing Director for L-Tron. Her passions are serving customers, all things creative and her family. She has been with the company for over 20 years, continuously developing her expertise in operations & marketing, as well as the strategy, implementation and ongoing training required to deliver the exceptional service standard L-Tron models today. You can reach her directly at: Gayle.DeRose@L-Tron.com or at 800-830-9523 x 118.