For decades, U.S. consumers have used magnetic-strip credit and debit cards to carry out their financial affairs swipe by swipe. The simplicity of magnetic strips that makes them cheap to make and easy to use, however, also makes them vulnerable. The new standard for credit card security lies in EMV technology; EMV—Europay, MasterCard and Visa, the three companies that originated the standard—replaces the antiquated strip system with more complex (and, hence, safer) chip technology.
The United States trails dozens of countries by years in its shift to the EMV system. According to Meghan Cieslak, director of communications for the Electronic Transactions Association, this is due in part to the relative safety of credit card processing in the U.S. “The U.S. has always had ‘real-time transactions’, meaning merchants immediately send off the credit card information to the issuer for verification,” she says. Other countries, she says, experienced a dangerous lag. “After swiping your card, your information would be stored with the merchant throughout the day, and wouldn’t be sent to your bank for approval until later that day, meaning fraudsters had more time to steal consumer data,” she says.
But with counterfeit card fraud rising sharply in the U.S. in recent years, Cieslak says the time has come for the U.S. to migrate to the EMV system.
How it Works
Unlike cards with magnetic strips, which transmit the same data every time they are processed, chip-equipped cards create unique codes for each transaction, meaning the information they transmit is useless for the following transaction and unworthy of interception. And as for the card itself, whereas copying a magnetic strip is easy and cheap, chips are much more difficult to replicate—at least for now.
A Shift in Liability
For the consumer, liability for any fraudulent use of their accounts remains unchanged. However, retailers now have a new, increased responsibility to ensure cards are used only by their rightful owners. Now, business owners who fail to upgrade to EMV-enabled processing equipment are liable for any fraudulent transactions they process.
However, according to Cieslak, it may not be advantageous for some businesses to make the switch, since the cost of upgrading processing equipment may outweigh the liability of fraud. “A small business merchant may view the need to convert to EMV terminals—in order to avoid liability for a $16 dry cleaning bill or a $10 car wash paid for by a fraudulent card—as a relatively low priority,” Cieslak says. “By contrast, a small jeweler’s risk of liability for a fraudulently purchased $6,000 diamond ring likely provides a greater incentive to convert to EMV terminals as soon as possible.”
Rob Nicholson, owner of Virginia Beach, Virginia-based East Coast Appliance, says he transitioned to EMV hardware even though liability changed little for his company. He says the new machines offered lower processing rates, as does requiring the customer’s zip code. “Credit card charges to merchants are based on risk profiles. So the less risky, the lower the charge to merchant,” he says.
Risky Online Business
Cieslak warns that EMV technology does not protect against online fraud, which she says accounts for about half of fraudulent credit and debit card activity. Due to the increased difficulty in fraudulently using EMV cards in person, Cieslak anticipates a rise in online fraud, yet remains optimistic. The U.S., she says, “is leading the world in tokenization and encryption technologies that will better protect consumer data online.”