Here we go again, you walk up to the register at your local grocery store, heart rate increasing, palms sweating as you approach that mysterious Point of Sale device, just hoping not to embarrass yourself when you try to insert your chip into the card reader and learn the machine is not compatible yet. Does this sound all too familiar? What is really going on with EMV chips in the United States?
What was wrong with the magnetic-stripe? Those were the days.
As we know, before the EMV chip was introduced, traditional credit and debit cards used magnetic stripes which were swiped at POS devices to make purchases. Along with this magnetic-stripe swipe came the issue of storing static sensitive data. This meant that whoever was able to access that data on your card, could then use that information to make purchases repeatedly, until the card was deactivated. This static data includes but is not limited to: the Primary Account Number (PAN), Expiration Date, and Service Code, as well as other sensitive authentication data used to validate the card. With the security concerns around magnetic stripes, the U.S. has been moving, slowly, towards the EMV chip.
So what does EMV even stand for and why is it better?
Europay, MasterCard, Visa (EMV), is a joint effort between Europay, MasterCard and Visa to ensure security and global acceptance for cards with computer chips and the technology used for chip authentication. Due to the many data breaches and increased rates of credit card fraud, card issuers in the U.S are moving to this technology to protect their customers and reduce fraud. What these chips do to counteract the risk of repeated use of unchanging stripe data, is turn the static card data to dynamic card data.
Whenever an EMV chip is used for payment, it is “dipped” into the POS device and the chip creates a unique code for the transaction. This code cannot be used again. For example, your code that is generated at a grocery store today will be different from the code generated at a restaurant tomorrow. This code includes all data from the magnetic-stripe but also cannot be traced back to your card. If someone were to intercept this code from a transaction, it would be useless as it cannot be used more than once. Let’s be clear though, these chips will not completely prevent credit card fraud, but will make it much more difficult for card thieves to create counterfeit cards from the card data on a magnetic stripe.
Sounds great what but is taking so long for everyone to make the move to accepting the EMV chips?
October 1, 2015 was the date that was given for merchants to switch to chip enabled point of sale machines (excluding automated fuel dispensers and ATMs). After this date, merchants were responsible for any fraudulent transactions if they were not EMV compliant. That seems like quite the incentive to get complaint but due to the following, some merchants are not in a hurry: