EMV Cards: What’s the Chip and Who’s Liable Now?

According to research done by Barclays in 2015, the US is responsible for 47% of global credit card fraud, while only accounting for 24% of card volume. This staggering statistic, along with massive commercial hacks affecting millions of Americans over the past few years, is reason enough to suggest that credit security is demanding new solutions. At the forefront of these solutions are EMV cards: the newest credit card technology rollout for Americans—a technology that has worked successfully in many European countries for years.

Despite many people already having access to EMV cards, and many retailers already adapting their hardware, the general public is still not aware of how EMV works or why it is more secure. Understanding the basics of EMV technology is an important step for improving personal and commercial security.

What Is an EMV Card?

EMV is an acronym that stands for Europay, Mastercard, and Visa (the original three companies that developed the standard). An EMV (or chip) card is distinguished from other credit and debit cards by the computer chip on the front: a small, raised, gold chip. Rather than using the black magnetic strip on the back of the card to make the transaction, EMV requires that the gold computer chip be inserted into the card reader, as well as a user pin be entered, for a securer transaction.

The improved security of EMV cards comes from the moment of transaction that occurs between the card and the processer. The typical magnetic strips use unchanging data every time they swipe. This data, once stolen, can be copied over and over again for malicious purposes. EMV cards, however, do not operate in the same way.

Sienna Kossman explains, “Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again.” Because EMV cards use different transaction codes every time they are used, hackers will have a much more difficult time using stolen data.

Who’s Responsible? 

The liability shift, which occurred on October 1, means that in card-present fraud, the party who was least EMV-compliant will be liable. In many cases, this falls upon the retailer. Because most major credit card companies have been distributing cards with chips on them for quite some time now, retailers will now assume their responsibility in updating their hardware to comply with new EMV cards. Their failure to comply could result in large financial costs if a breach occurs.

Banks and credit card companies do, however, have the responsibility of distributing EMV cards to those who do not currently have them. According to Maria Korolov at CSO Online, this process will move much slower for debit cards because of the various debit networks in the United States. She reports that, “an estimated 25% of debit cards are expected to be ready—compared to about 75%of credit cards.” At this rate, many banks will still be liable to cover any card-present fraud if their debit cards do not yet support chip technology.

EMV: Not a Cure-All 

As Maria Korolov wisely puts it, “the chip alone isn’t a silver bullet.” EMV cards are not going to magically eliminate hackers or security vulnerabilities. The chip cards will, however, improve the encryption and security of the data during transaction. No matter how advanced the security technology may seem, users should still always use best security practices (e.g., EV certificates and secure authentication in online accounts) to protect their personal information.

Posted in Data Security, Enterprise Security, Security, Uncategorized