Credit card identity theft has been on the increase over the last number of years; and it seems that as quickly as credit card companies try to adjust for security, the hackers figure out a way to overcome the protocols set in place. However, this is all about to change with the implementation of the new ‘chip credit cards’ called EMV chips, placing a broad spectrum layer of security for credit cards. While over 120 million Americans have already received their new cards, and it is anticipated that the number will rise to 600 million by the end of 2015, there are questions regarding how the cards will impact the consumer.
What is EMV and how does it work?
“EMV” is the new standard for credit cards and stands for ‘Europay, Mastercard and Visa’. In lieu of the previously used magnetic-stripe, these new credit cards will have an embedded computer chip. The previous magnetic-stripe contained static data, which allowed a cybercriminal to duplicate the ‘stripe’ and place it on a fake card. The new chips will create a unique transaction code each time the card is used, without the ability for duplication.
Creditcall is a payment gateway as well as EMV software developer. President of the U.S. payment systems for Creditcall, Dave Witts stated, “If someone copies a mag stripe, they can easily replicate that data over and over again because it doesn’t change.” If a hacker stole the information from the chip at one specific point of sale, the standard ‘card duplication’ trick wouldn’t work. Witts added, “Because the stolen transaction number created in that instance wouldn’t be usable again and the card would just get denied.”
Aite Financial Industry Research Company research director, Julie Conroy said, “These new and improved cards are being deployed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards. It’s an important step forward….. The introduction of dynamic data is what makes EMV cards so effective at bringing down counterfeit card rates in other countries.” The new technology has already shown a level of success as the reduction in fraud has doubled in just the past seven years in countries that have made the transition to EMV cards.
How will EMV chips affect consumers:
- Different way to perform the transaction:Â While the two-step transaction process of card reading and verification of transaction will be the same, the old way of simply ‘swiping’ the card will be changed. The new read process is called ‘card dipping’ which will require inserting the card into the slot of a specialized terminal and then waiting for the process to complete. Consumers will have to not only allow for a slower method of insertion but must be patient, as the confirmation process is slightly slower. If they try to use the old ‘quick swipe’ process, the transaction will probably be denied.
- Consumers aren’t tied to a card reader:Â Some new EMV cards have the ability to process a transaction known as ‘near field communication’. This will allow the consumer to make use of ‘tapping’ the NFC-equipped cards against a terminal scanner for access to the computer chip. This is perfect for NFC-enabled cell phones so that the consumer can accomplish a secure transaction within a short distance of the reader.
- Not all retailers/merchants will have the new reader equipment: The scanning equipment needed for dual-interface cards is expensive and some retailers may not have the ability to upgrade in a quick manner. Martin Ferenczi, Oberthur Technologies president, a leading global EMV service and product provider stated, “Contactless transactions are more consumer-friendly because you just have to tap. Around the world, there is a move to make EMV cards dual-interface, which means contact and contactless. However, in the U.S., most financial instructions are issuing contact cards….Dual-interface cards and the equipment needed to scan them are expensive. Right now, the first step is to successfully integrate EMV cards into the U.S. shopping scene. Dual interface will arrive later.” Retailers/Merchants that are not EMV-ready by October 2015 could be held liable for any data breach costs. Automated fuel dispensers have been given until 2017 to make the transition to the new EMV processes. Card payment/experts are reassuring the consumer that many of the new EMV cards will include both magnetic-swipe and embedded chip technologies to accommodate those retailers/merchants that have not accomplished an upgrade to the new readers.
- Responsibility of any fraud will be different: Current in-store magnetic-swipe credit card fraud brings the responsibilities of any compromised charges back to the card issuer or payment processor (depending on the card’s conditions and terms). The major U.S. credit card issuers: Visa, MasterCard, American Express and Discover, have a deadline of October 1, 2015 that will make a dynamic shift of liability over to whichever party is considered to be the ‘least EMV-compliant’ for the compromised transaction. An example would be that a retailer/merchant did not make the transition to the new EMV reader to accommodate the chip technology. Any fraudulent charges would fall back to the merchant. Given the extended time for automated-fuel companies to 2017, the current liability responsibilities will stand until that time.
How long will we have to wait for EMV technology?
Due to the massive dollar losses in credit card theft, companies are making an aggressive transition to the new EMV technologies. According to Javelin Research & Strategy, Aite Group, 2014 PULSE Debit Issuer Survey:
- 575 million: Number of EMV cards to be issued by the end of 2015
- 59%: Percentage of retail locations that will be EMV-compliant by the end of 2015.
- 78,800: Current number of EMV chip-activated merchant locations
- 40%: Percentage of US. Debit cards that will be issued as EMV cards by the end of 2015
- 70%: Percentage of U.S. credit cards that will be issued as EMV cards by the end of 2015
- 86%: Percentage of financial institutions that plan on issuing EMV debit cards in the next two years
- $3.50: Average cost for issuing a new EMV card
- $500: Average cost of an EMV-compliant point-of-sale terminal
Credit card theft is included as part of the overall global cybercrime figures and the incentive for credit card issuers to develop more secure technology is great. According to McAfee, “Cybercrime is a growth industry. The returns are great, and the risks are low. We estimate that the likely annual cost to the global economy from cybercrime is more than $400 billion. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion”. While the new EMV technology won’t completely stop credit card identity theft, it will make it much more difficult for the hackers to try to steal the information.
