You might have opened your mail recently to find you were issued a new credit or debit card. Was your card close to expiring, you might have wondered? Well, perhaps, but one of the reasons cardholders have been receiving new plastic is thanks to a new feature: the new chip embedded right on the front.
What Is It?
But Why Is This Happening Now?The reason you’ve gotten this chip-carrying card now, or will get one soon, is because of a liability migration that takes effect Thursday. The liability aspect of things doesn’t really affect you, as a card user. What’s happening is that the card issuer has traditionally absorbed the cost of fraudulent activity when it occurs on a customer’s account. Now, merchants, if they do not have the readers to accept EMV cards, will eat this cost instead.“Whoever is the weak link, has the weakest security, has to eat that fraud,” said Kim O’Connor, vice president of product innovation at Elavon, a global payments provider.How Does This Affect Me?If you have an EMV card and the store at which you are trying to purchase something has an EMV terminal — even if it has the ability to read the more traditional magnetic strips on the back — you’ll still be forced to use the side that accepts EMV.Here’s how it works: Instead of swiping your card, an EMV card is inserted into the terminal and then left there, untouched, for several seconds. Some EMV cards might also be able to conduct near-field communication, which means they could be tapped in transactions instead.
What you don’t see happening is that the chip creates a unique code for every transaction, while the traditional magnetic strip’s information remains static, making it more vulnerable to fraud.
With EMV, O’Connor said, thieves can’t create counterfeit cards, obtaining information via skimmers, because the codes for EMV are unique each time.
Watch this video on how to use an EMV card:
Nuno Sebastiao, CEO of Feedzai, a data science company that works to detect payment fraud, was in Europe when it rolled out EMV about 15 years ago.
“There were the same type of concerns that you have here. Delays at the at checkout. People not being able to [adapt],” he said. “What I’ve witnessed myself when I had to change cards, a week or two [it was] awkward, but after that it’s just normal. You don’t even think of it any longer.”
A fellow Blaze editor had an interesting experience with an EMV card that O’Connor said card issuers haven’t really talked about yet, and that’s card destruction.
With traditional magnetic swipe cards, a good pair of scissors could do the trick. But a Blaze editor who tried shredding her EMV card actually broke her shredder. She also tried burning the chip without luck, and ended up sending it back to card issuer.
O’Connor recommended shredding as well, but only if using a machine that was capable of also shredding CD-ROMs, which are thicker than the EMV chip.
For EMV or straight-up metal cards, there are forums on the Web where people have shared their destruction ideas, such as using metal cutters and calling the card issuer for a paid envelope to send it back for official disposal.
And What About Businesses?
Businesses have to have both machines that can process EMV cards and the software required for those types of transactions enabled. O’Connor said most terminals cost a few hundred dollars, but the exact cost depends on individual payment processors.
For smaller businesses, O’Connor said, the transition to EMV terminals might actually be easier than for larger companies because big box stores have more integrated points-of-sale systems, which require more complex software development.
While there is no mandate and no penalty should merchants not have an EMV terminal to read EMV cards starting Oct. 1, O’Connor said the liability shift creates an incentive for them to start adopting the technology.
Even more of an incentive, she thinks, is that thieves might actually start targeting merchants that do not yet accept the more secure EMV cards. That’s because the magnetic strip will still exist on cards, due not only to the time needed to adopt EMV technology, but also because not all countries use EMV and swiping a card is still accepted, Sebastiao pointed out.
But if fraudulent activity occurs at a place where a merchant is still using the swipe terminals, they will be liable for the cost of that fraud.
“Issuers want to get EMV cards out there,” O’Connor said. “They’re thinking, ‘There’s liability I used to have that I can shift to another party because they’re the weakest link.’”
According to a recent survey by CreditCards.com, about 60 percent of credit cardholders have not yet received their new EMV card ahead of the Oct. 1 deadline. As for retailer preparedness, Michael Grillo, director of solution marketing with ACI Worldwide, told creditcards.com he thinks only about 25 percent of the large merchants are ready to accept EMV cards.
They Really Help Prevent Fraud?
While the EMV chips might help prevent fraud being conducted by thieves at stores, both of the experts we spoke to said fraudsters will likely just move online.
“It’s a fundamental shift in the way fraud is committed,” Sebastiao said.
Sebastiao said that while it might have been cheaper and easier to commit fraud the “old-fashioned” way, with an EMV card system well-established in Europe being started in the U.S., those in-roads are “being plugged.” That, coupled with the rise in e-commerce, makes online fraud that much more attractive.
Though Sebastiao said there might be a rise in online credit or debit card fraud, it’s really nothing new. And the old protection methods still apply.
“We need to make sure we only transact with highly trustable online properties,” he said. “But even in the case of highly reputable ones, they’re not foolproof. They are hacked too.”
That’s where Sebastiao said keeping close and frequent tabs on your billing statements is important. He also stressed that banks and card issuers need to be even more vigilant at noticing and asking cardholders about what could be potentially fraudulent online activity.
“They have to do that while you’re clicking that checkout button as opposed to next day or two days after,” he said. “Essentially, the world is becoming faster in that sense … you click buy and immediately that information is out of your hands.”