Do Chipped Credit Cards Protect Against Fraud?

Everyone agrees that credit and debit card fraud is a huge problem that costs consumers, merchants, and card-issuing banks billions of dollars per year. Making cards more difficult to ‘clone’ is one measure that can cut fraud dramatically. So-called ‘chipped cards’ using embedded microchips are much safer, but do they eliminate all danger? Here is how chipped cards compare to traditional magnetic-stripe cards…

Using Chipped Credit Cards to Prevent Fraud

Technology based upon a microchip embedded in a credit card is used throughout much of the developed world to make card-cloning virtually impossible. Unfortunately, it’s not widely used in the USA, where the less-secure magnetic stripe cards still rule, and it can’t prevent all forms of credit card fraud. Here’s what you need to know…
The magnetic stripe on the back of a card is a mass storage device like a magnetic hard drive. Data is written to it when the card is made, and read by card readers when the card is swiped. The data stored on the stripe never changes; it’s fixed, like text on a printed page. All the fraudster need to is copy that static data to another card and he has a clone of the original card. The equipment needed to perpetrate this type of fraud is cheap and widely available.
A chipped card contains a tiny computer on a microchip, complete with operating system and application software. When a chip card interacts with a compatible card reading device, they generate a unique encrypted message that is different for every transaction. The key that decrypts this message is generated by the reading device, not stored on the card.
Chipped Credit Cards
The key is transmitted to the transaction processing host along with the encrypted transaction message; neither ever is stored on the card. So there is no re-usable data stored on the card, nothing for a thief to copy onto another card.
The chip technology has been around since 1993; it’s called EMV, after the three global credit card companies that developed this security standard (Europay, Mastercard, and Visa). EMV-enabled cards are widely used in Europe, where card fraud attributable to cloning has dropped 63 percent since 2004. So far, EMV has not taken off in the United States, and that is reflected in crime statistics indicating that fraudsters prefer to steal U. S.-issued cards.
How can you tell if an ATM or merchant’s terminal is EMV-enabled? If the machine instructs customers to swipe the card or “insert card and remove quickly,” it’s an old-style magnetic-stripe reader. If you insert the card and the machine won’t give it back until the transaction is completed, it’s EMV-enabled.
If you have a retail store that’s open to the public, ask your merchant service provider if they offer EMV-enabled terminals, and let your customers know about the newer chipped cards that provide more security for you and them. Consumers can ask their card issuer if their card is EMV-enabled, and ask if an EMV-enabled card is available if it’s an older mag-stripe card. Here’s a list of EMV card issuers in the U.S. http://www.emv-connection.com/u-s-emv-issuers/

Please Pass the Caveat…

It’s important to note that EMV protects against fraud in “card-present” transactions only. When you use a card online or read its details to someone over the phone, EMV does not come into play. There is one exception, though. Many consumers in Europe are using handheld debit/credit card readers that work with EMV-enabled cards. After swiping the card and entering their PIN, a password is displayed, which must be entered on the merchant’s website. But for EMV to protect against “card not present” online transactions, both parties must cooperate as described above.
It’s been claimed that Target Stores massive security breach could have been averted if EMV was used in Target credit cards. That’s only partly true; the data stolen from Target’s servers could still have been used to commit “card not present” fraud, though it would have been impossible to clone the cards for use in Target stores.
U.S. merchants have resisted upgrading their systems to use EMV because of the high cost of implementing EMV and getting systems certified. Visa and Mastercard are nudging merchants to bite that bullet by shifting liability for fraud more heavily onto the shoulders of merchants who do not use EMV.
EMV is a partial solution to card fraud. To the extent that online transactions become more common than “card present” transactions, EMV’s effectiveness becomes more limited. But it is one good solution to the problem of credit card fraud and cloning.
Your thoughts on this topic are welcome. Post your comment or question below…


More Posts about Finance:

  • New Square Reader Does Apple And Chips

  • Are You Ready for Equity Crowdfunding?

  • Are You Ready For Chipped Credit Cards?

  • Paypal or Square for Business Loans?

  • Which Online Payment Options Should You Offer?

Comments

  1. I’ve just been warned about the chips in cards that can be read in the wallet by people using scanners. Is that this chip, or is that something else? I was also told to keep my cards wrapped in tinfoil while in my wallet, or destroy the chip and use the card the old way with the magnetic stripe. It’s all very confusing. Could you sort this out, please?
    EDITOR’S NOTE: This seems like good advice on that topic: http://www.masslive.com/talk/index.ssf/2012/10/just_ask_would_wrapping_credit.html

  2. As a merchant, I would welcome this technology in my business. Magnetic stripe cards make fraud just too easy.

  3. I’m curious about the home-based card readers. Seems like they could be hacked, or spoofed as well.

  4. My company processes MOTO transactions, and this type of transaction is considered ‘high risk’as some users call in claiming they did not order the goods /services.
    This results in a çashback’ at considerable cost to businesses and card issuers. Is there a possible solution that you are aware of? I would appreciate an answer. Thank you Bob.
    EDITOR’S NOTE: Is the problem that the customer actually did get the goods, and is claiming not to? Or that the customer’s card is used fraudulently and goods are shipped to scammers?

  5. Hi Bob, to answer your question – my company processes payments for tech support Call Centres. This is considered a ‘high -risk’business,and some customers take advantage of this,claiming they did not receive the service they paid for, or that an unauthorised person used their card.Is there any way of reducing these claims?Thanks Bob
    EDITOR’S NOTE: It’s annoying, but I think it’s just one of the costs of doing business. You might try doing a quick email survey after providing your service, so if the customer said they were satisfied, but then did a chargeback, you’d have something to argue with.

Join the Conversation! Leave Your Comment...

*


Free Small Business Tech Support -- The Rankin File
Subscribe to The Rankin File: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.