Whether notice of credit card changes came as a newly issued chip card or through reading one of many news stories, you probably heard about the switch before reading this article. Maybe you have tried a chip card on an upgraded point-of-sale (POS) terminal at a major retailer. For those who have yet to try the new system, know there is not much to it. Instead of swiping your card’s magnetic strip through the side of a POS terminal, now you will insert, or “dip” as the payment processing industry calls it, your microchip card, aka EMV smart card, into a slot at the bottom of the terminal. Then simply wait for a beep signifying its ok to remove your card (in certain transactions, you will be prompted to sign – no difference here).
Reasons for change are fraud reduction, increased data security, and global acceptance of chip cards. EMV cards are more secure than strip cards primarily because chips hold from 2,000 to 64,000 bytes of data, whereas magnetic strip capacity maxes out at 62 bytes. This increased capacity allows microchips to hold and transfer encrypted data along with unique transaction identifiers. However, credit card fraud will not disappear once the transition is complete. EMV cards specifically reduce counterfeit card use because of its data capabilities. Fraud due to card not present (CNP) transactions- think online shopping- may remain the same or even increase as chips are not used in these purchases.
Leading the way is a more than decade old coalition between three major payment brands Europay, MasterCard, and Visa- hence the acronym “EMV”. EMV is a global standard for card microchip technology that uses layers of security as opposed to the generally un-encrypted magnetic strip card. EMVCo, the payment brand coalition that additionally includes American Express, JCB, Discover, and Union Pay, developed standard specifications for chip card payment processing. The U.S. is the last major market to adopt EMV technology. Congressional reports attribute domestic market hesitation to merchant and card issuers’ minimal appetite for absorbing transition costs. However, government’s increased scrutiny into corporate data breaches, including that of Target in 2013, spurred initiatives incentivizing change.
Card issuers (e.g. banks and other financial institutions) are responsible for creating, programing and delivering EMV cards to and for consumers. Issuers set parameters for consumer verification methods (CVM) used in a given transaction. Generally, CVM can be a signature, PIN or no CVM based on the likelihood of fraud in a particular transaction. For example, no CVM is for low dollar purchases, PIN for ATM usage, and signature validation for the bulk of U.S. POS transactions. The combination of chip card data and CVM theoretically make your data more secure as long as issuers and merchants properly follow EMV procedures.
Merchants are encouraged to upgrade POS terminals to accept EMV cards by October 1, 2015 (except fuel dispensaries, which have an extra 2 years). This deadline signifies a shift of liability for fraudulent credit card usage. After October 1, liability shifts to the payment chain participant that failed to implement EMV standards. If the issuer and merchant instituted relevant procedures, liability remains the same as pre-EMV implementation.
EMV cards are a step in the right direction, although not an ultimate solution, towards ending fraudsters’ ability to make purchases with another’s account. Until EMV technology is used by the majority of U.S. merchants, if not all, the strip will continue to function as a fallback method to ensure consumers can use their cards as needed. Consequently, this fallback leaves a gap for the exact counterfeit card use EMV cards intend to prevent.