In America, paying with credit or debit cards has become nearly ubiquitous, while cash and check payments are at all-time lows. Unfortunately, the United States leads the world in payment card fraud, even though we only makes up 23.5 percent of total transaction volume. Why is this the case?
A significant portion of this disparity is likely caused by America’s continued use of magnetic strip cards, sometimes known as swipe-and-sign cards. These cards are relatively insecure and easy to forge. To combat this, Europe switched to EMV (EuroPay, MasterCard, and Visa) cards, which replace magnetic strips with tiny computer chips. In Europe, physical card fraud in Europe is extremely limited.
The U.S., led by Visa and MasterCard, is finally following Europe’s example by implementing EMV cards, and new rules place businesses using old-fashioned payment technology at risk. Part of this switch affects consumers—by gradually replacing their old cards with new EMV ones—but it will also affect any business or organization that accepts payments from consumers. The new EMV cards will also feature magnetic strips, but merchants will need new hardware to take advantage of EMV technology and avoid fraud.
Beginning on October 1, 2015, fraud liability will shift to whatever party is the least EMV-compliant. If, for example, a retailer only has the hardware to accept sign-and-swipe cards and a customer used an EMV card, the retailer will be liable for any fraudulent use of the card. Clearly, it’s very important for any organization that accepts payments to cater to EMV users, which will soon become a majority in the U.S.
EMV cards are considerably more secure than swipe-and-sign cards. Each time a card is used, the chip generates a new random transaction code. Even if a transaction code were somehow obtained by a third party, it would be useless for future use. This contrasts magnetic cards, which use the same data each transaction and contain the necessary information to make fraudulent purchases.
EMV cards are sometimes referred to as chip-and-PIN cards, due to their use of a four-digit PIN similar to current magnetic-strip debit cards. This is another layer of security, allowing issuing banks to confirm the card user. Current credit cards, on the other hand, use signatures to identify the user. Store clerks are meant to check the receipt signature to make sure it matches the one on the card, but when was the last time a cashier actually did that for one of your purchases? Let’s admit it, we can even write “Check ID” in the signature block and it will rarely be followed. Swipe-and-sign cards are a broken platform.
Providing EMV as a payment option doesn’t guarantee PCI compliance. It will still be very important to properly handle and dispose of paper records, protect cardholder data, maintain firewalls, and all other PCI stipulations. However, ensuring that your business caters to EMV payments will help prepare you for October 1. The countdown is on, are you ready?