Credit card fraud is a worldwide problem affecting an incomprehensible amount of users. As counterfeit activity becomes more advanced credit card companies scramble to heighten security. EMV is a method of payment implemented through an encrypted microchip implanted on the left-hand side of a debit or credit card. EMV is an acronym for the credit card companies that created it, namely Europay, MasterCard, and Visa. Chip cards have become standard in Europe, Asia, Canada, and now the U.S.
EMV cards are classified as smart cards, indicating that they have embedded integrated circuits on which they store their data. These smart cards can also be referred to as chip cards or integrated circuit cards (ICC). Depending on the verification method used by the card issuer, you may also hear EMV payment cards categorized into Chip and PIN or Chip and Signature.
A customer using a Chip and PIN card will authorize their purchase by entering a PIN number and anyone using a Chip and Signature card will sign for their purchase. Typically in the U.S. most debit cards use Chip and PIN and most credit cards are used as Chip and Signature. Using a PIN to verify one’s identity makes it significantly more difficult for criminals to fraudulently use a found card, as the 4-6 digit personally identifiable number would need to be ascertained before any purchases were made. Whether or not a PIN verification takes place is dependent upon the capabilities of the terminal.
The globalization of EMV has created a shift in liability for card-present fraud. A card-present transaction simply refers to any purchase made by the consumer where the cardholder is physically present to swipe or insert the card. Prior to the shift, card issuers were primarily responsible for any type of fraudulent costs, but now whoever has the lowest level of security is the one found responsible for that unauthorized transaction. For example, when a card-present counterfeit occurs because a terminal hasn’t been upgraded, the merchant is responsible for any consumer fraud costs. This shift in accountability is meant to incentivize, but also to punish any financial institution or merchant that has yet to adopt chip card technologies.
How it Works
EMV cards were created in order to prevent fraudulent transactions that typically take place when someone physically swipes an imitation card at a terminal. Chip technology increases data security by generating a unique cryptographic code that is specific to your purchase. If a hacker somehow gains access to this code and attempts to use it for another purchase, the transaction would be automatically declined. This is because the stolen transaction information created for that specific point of sale, is never used again and the data is always changing. This dynamic data is what is so revolutionary about EMV, setting it apart from the static data used in a purchase with a magnetic stripe credit card.
Magnetic Stripe vs. Computer Chip Technology
Credit cards without a computer chip are left at a disadvantage, as crucial credit card information is exposed via the magnetic stripe on the back of the card. When credit cards are swiped, the payment processor reads their magnetic fields and matches that information to the corresponding bank account. This stripe contains important details such as credit card number, cardholder’s name, expiration date, service code, and CVV code. The most dangerous aspect of the exposure of this information is that it remains unchanging for the entirety of the lifespan of the credit card, from issuing date to the date it expires. If these details are compromised, criminals can easily produce a duplicate card, embedding the victim’s stolen information onto the magnetic stripe of the new counterfeit card.
The primary advantage in employing EMV, is that chip cards are almost impossible to clone. As aforementioned, their data is constantly changing and never static, each transaction creating new information that cannot be replicated or forged. Another advantage is the high level of encryption built right into the chip. This sophisticated technology allows for a more advanced method of identity verification.
How Fraudsters Adapt
Credit card skimming is a type of theft that involves the magnetic stripe on the back of your credit card, coupled with a small device known as a skimmer. When a credit or debit card is swiped through a skimmer, the device obtains all of the data stored in that cards magnetic strip. Thieves can use this stolen data to either make purchases online, make purchases in person with a counterfeit card, or even sell the stolen data to a black market online. Skimmers are visually discreet and are typically positioned over the card swipe mechanism on gas stations or ATM’s. Often times a camera will be posted somewhere nearby in an attempt to discover your PIN number as it is entered into the keypad.
As credit card security progresses and evolves, credit card fraud does the same because the two are inextricably linked. With the rocky transition from magnetic stripe cards to a more secure chip card, criminals have found a way to transition as well from skimming to a more effective practice called shimming.
This new-age scam is executed through a shimmer, a card–size shim that is paper-thin, yet thick enough to contain an embedded microchip and a flash storage. In order to execute this new data heist, the scammer will insert the shimmer into the card slot of any POS terminal, where they record the data being shared between the terminal and the card’s chip. Although this data cannot be used to clone an actual chip card, it can be used to produce a mag stripe version that could potentially defraud banks and merchants who aren’t paying close enough attention or aren’t following standard card security protocols.
It would seem that the only surefire way to avoid skimming and shimming would be to use Near Field Communication (NFC) exclusively. NFC is the technology that allows for mobile payments, otherwise known as contactless or “tap-and-go” cards. Some known examples of these tap-and-go cards are Samsung Pay, Android Pay, or Apple Pay. Contactless payment forms are very secure and unlike magnetic stripe cards, each tap transfers very limited banking information. Experts within the field predict that EMV, although it has proven to decrease card-present fraud, will ultimately be replaced by the potentially more effective practice of NFC payments.