If you have received a new credit card lately, chances are good that it is fundamentally different from your past plastic. After a seemingly endless onslaught of data breaches and credit card fraud, U.S. businesses have finally followed in the footsteps of their European counterparts and adopted credit cards implanted with EMV chips. Designed to totally eliminate contact between a consumer’s credit card and a merchant and to encrypt every aspect of the transaction, these “smartcards” seem to be the answer to the prayers of retailers and law enforcement agencies alike.
But new solutions often bring the potential for unforeseen problems. In this case, experts are afraid that EMV technology may have opened the door for an uptick in cyber crime. Considering that online purchases are only increasing in popularity, there is good reason to investigate this possibility further.
How EMV Chips Work
To understand the potential danger, you need to have some knowledge about how EMV chips work. Your old credit card stored all of your account information on a magnetic stripe. This made it easy for someone with the right skills to copy your information and use it to complete counterfeit transactions. In contrast, your new card comes equipped with a tiny EMV chip embedded in it, which stores your personal credit information and transmits the tightly encrypted details during the sales transaction.
With this new technology, when a buyer makes a transaction, she must validate her card by either furnishing a signature (chip-and-signature) or entering a personal identification number (chip-and-PIN).
At first glance, this new system seems virtually impregnable. However, there are a few distinct vulnerabilities that make it much more porous than we might want to believe.
Why Some Businesses Aren’t Switching To EMV Terminals
On October 1, 2015, most businesses became liable for fraud or counterfeiting that resulted from their not having installed a terminal capable of processing EMV cards. However, two exceptions were made: gas stations and ATMs. Because EMV technology is so complex, new point-of-sale equipment is needed to handle transactions. This can get very expensive, so these venues were given an extension until October 2017. Until then, anyone using a credit card at these venues will need one equipped with a magnetic stripe, which automatically leaves that customer open to fraud.
Equally troubling is the fact that a large number of businesses, particularly small companies and retailers, have not adopted the EMV technology in spite of the new directive. Many entrepreneurs are reluctant to suffer the expense and time involved in purchasing a new POS terminal and training their staff in its use. Other owners simply choose to roll the dice, preferring to risk the relatively unlikely event of being victimized by credit card fraud rather than pay the very real costs of upgrading their credit card processing equipment.
One of the frustrations of many smartcard customers is that transactions are not as fast, because the EMV terminal takes longer to process and encrypt their data. Because of this, many businesses and financial institutions are opting to use chip-and-signature over chip-and-PIN, despite the latter being more secure. Unfortunately, this leaves customers vulnerable to theft because the majority of merchants will probably never attempt to match the signature with the one on the back of the card or ask for another piece of identification. Merchants have been encouraged to follow these precautionary procedures for years, so those who have failed to take this extra step are not likely to modify their POS protocols anytime soon.
Vulnerabilities In The System
A big vulnerability with the EMV switch is online transactions. Since neither chip-and-PIN nor chip-and-signature verification can be used for online purchases, it’s likely there will be an increase in online fraud. Similar to what happened in other countries, criminals will simply switch from on-site theft to using readily available stolen credit card numbers to make online purchases. Criminal ingenuity knows no bounds. As the never-ending flood of Internet viruses proves, hackers seem to have infinite patience and an endless arsenal of tools that they will use relentlessly until a code is cracked or a site is infiltrated. Inevitably, they will find ways to compromise EMV technology.
That is not to say that EMV technology should be dismissed as a failure. Consumers and businesses alike should feel more secure with their credit card transactions, but they should be aware of the dangers and act accordingly to further thwart criminals.
The reality is that EMV cards are expected to reduce U.S. data breaches and fraud by a significant margin, thereby making point-of-sale purchases much safer for everyone. This will be particularly true after October 2017 when gas stations and ATMs join the protocol. That being said, it is important to be aware of the weaknesses in this system. After all, the criminals who are attempting to bypass it certainly are.
To that end, it is more important than ever to do all you can to safeguard any online purchase you or your customers make by remaining abreast of the latest technological and security developments designed to enhance the safety of EMV technology. No system is perfect, but EMV represents the latest and greatest way to secure customers’ credit card data and protect them as well as merchants from fraudulent activity.