The future of electronic payments is changing. Financial institutions, card brand networks, merchants, payment processors and others continuously work to develop new technologies and best practices to create safer electronic payments to protect businesses and their customers.
Chip card technology—also known as chip-and-PIN or EMV—is a shining example of how these collaborative efforts can succeed. Chip-and-PIN technology is a secure method to store and exchange sensitive credit card and debit card account data between merchants and their customers.
In this payment security article, we’ll look at how chip cards work to protect businesses by reducing the risk of certain types of payment fraud.
What is the history of chip cards?
EMV stands for Europay, Mastercard and Visa, the three organizations that created the original chip card specification that was unveiled in 1996. EMV was created to combat mounting losses related to the use of stolen and counterfeit credit cards.
EMV began to roll-out in earnest in 1998 and has seen widespread adoption in Europe, Canada and Asia. Chip cards have been in reducing card-present counterfeit fraud in every region where the technology has displaced magnetic stripe.
The US was among the last major global economies in the world to make the transition. That transition entered an important phase on October 1, 2015 when a key shift in liability took place. Previous to the shift, liability for counterfeit fraud generally fell to card-issuing financial institutions. After the shift, liability fell to whatever party hadn’t adopted chip card technology. The EMV liability shift helped incentivize businesses to adopt and certify EMV-compliant credit card acceptance equipment.
Are chip cards safer than magnetic stripe?
Magnetic stripe (or “magstripe”) cards are an analog technology with roots in the 1960s. Using the same technology behind analog cassettes, magnetic stripe cards recorded contained all the data necessary to conduct a credit or debit card transaction. Magstripe came into widespread use in the 1980s and represented a significant security upgrade from paper-based credit card imprinters.
Unfortunately, the technology behind magstripe eventually proved fairly easy for hackers to break. Though hidden from the naked eye, magnetic stripe held sensitive credit card data in plain text on the card. Criminals turned to credit card “skimmers” and other methods to gather this data—the raw material needed to produce counterfeit cards and commit fraud.
Chip cards work by offering a number of protections that standard magnetic stripe cards lack. A unique code is generated with every chip-and-PIN transaction. Even if a hacker manages to steal the authentication code, it’s useless for future transactions. The embedded microchip makes duplicating cards to commit counterfeit fraud nearly impossible.
Another benefit is that the cardholder can retain possession of the card throughout the transaction. There is no opportunity for unscrupulous employees to pass the card through a skimmer that records personal data.
How are EMV chip card transactions processed?
Chip cards work with payment acceptance devices that are certified to be compliant with EMV chip-and-PIN standards. During a transaction, the customer inserts the payment card into the terminal. The chip and the card reader communicate to authenticate the transaction.
After inserting the card, the customer follows on-screen instructions that further validate the transaction. This process will vary depending on which verification method has been specified by the card-issuing bank. Chip-and-signature systems are largely being replaced by chip-and-PIN transactions that require the customer to enter a PIN to complete the transaction.
After cardholder authentication methods are completed at the terminal, online processing begins. Additional authentication and other security and fraud filters may be performed by the card issuer before returning approval or decline codes to the EMV terminal.
Can chip-and-PIN transactions work offline?
Yes. Because chip cards work dynamically, network connection is important. But businesses don’t stop when networks go down, making offline transactions a potentially important consideration.
that allow chip cards to work offline: Static Data Authentication (SDA), and Dynamic Data Authentication (DDA). Payment data is authenticated between the card and the terminal, rather than with communication to the issuing bank.
Consult with your payment partner to determine best practices as offline transactions utilize some—but not all—of the security features of EMV.
Are chip cards fraud-proof?
No. EMV chip-and-PIN technology is proven to reduce losses from counterfeit and stolen card. That said chip card technology is not a silver bullet. There’s currently no single technology—or even combination of technologies—that offer 100% fraud-proof payments.
But chip card have significantly reduced card-present fraud. In December 2018, that in the three year period since the EMV liability shift that chip card technology has reduced card-present counterfeit payment fraud losses by 80% among merchants who upgraded to EMV.
Protecting your business and reducing risks of losses related to credit card and other payment fraud involves a mix of technologies, best practices, and relationships. Your payment processor can work with you to develop a comprehensive payment security plan that helps reduce risks—so you can keep more of what you earn.
Do all retailers accept chip-and-PIN cards?
EMVCo reports similar numbers with a 60.7% EMV adoption rate in the US for 2018 as a whole. That still trails the 80%+ adoption rates in Europe, Canada and elsewhere but nevertheless represents significant progress.
Worldpay is a payment technology leader that can help protect your business with secure transactions that minimize fraud and reduce risk. to learn how EMV can help keep your business safe from in-store counterfeit fraud.
© 2016-2019 Worldpay, LLC and/or its affiliates. All rights reserved. Worldpay, the logo and any associated brand names are trademarks or registered trademarks of Worldpay, LLC and/or its affiliates in the US, UK or other countries. All other trademarks are the property of their respective owners.