Our Full-Service B2B Marketing Program Delivers Sales-Ready Leads Click to Learn More!
Welcome Guest | Sign In
ECommerceTimes.com
NICE inContact February 12 webinar

The Sluggish Crawl to Chip-Secured Shopping

By Richard Adhikari
Oct 5, 2015 11:33 AM PT
emv-chip-credit-debit-cards-liability-shift

For retailers that do not yet accept EMV cards -- credit and debit cards with chips embedded in them -- a spine-tingling deadline arrived last week. Liability for any payment fraud that results from acceptance of old-school plastic shifted to them.

The magnetic chips in EMV (Europay, MasterCard and Visa) cards will reduce in-store payment fraud, which affected 62 percent of companies, according to the 2015 Payments Fraud and Control Survey report from the Association of Financial Professionals, or AFP.

Ninety-two percent of the survey respondents believed EMV-enabled credit and debit cards would help reduce point-of-sale fraud.

EMV cards "are safer for two reasons -- they make the physical card harder to counterfeit, and instead of sending all your credit card information to a merchant when you buy something, they send a unique code that a hacker can't use if they find it," said Matt Schulz, senior analyst at CreditCards.com.

The code won't work if a hacker tries to use it to make a fraudulent purchase later, he told the E-Commerce Times. "It's like stealing an expired password."

EMV cards also make mobile payments processing safer, Shulz added.

How EMV Cards Work

EMV is an open standard set of specs for smart card payments and acceptance devices.

An EMV card contains an embedded microprocessor that secures payment transactions in three areas: card authentication, cardholder verification and transaction authorization.

EMV cards are personalized using issuer-specific keys.

EMV transactions create unique transaction data. Transaction authorization uses issuer-defined rules and works both online or offline.

Sauntering to Safety

Only 40 percent of MasterCards in the United States have EMV chips embedded, and just 26 percent of national and regional stores and restaurants with multiple locations have begun accepting such cards, according to MasterCard.

The outlook for the industry as a whole isn't good. Only 36 percent of U.S. credit card holders have a chip-enabled card, CreditCards.com found.

The eight US. Institutions making up the Payments Security Task Force, which represent about 50 percent of U.S. payment card volume, in June reported that only 30 percent of their credit and debit cards contained EMV chips.

The slow pace is the fault of card issuers, which "have prioritized their richest customers," CreditCard.com's Shulz remarked. "Those with an annual income of over $75,000 are more than twice as likely to have an EMV card."

Who's Gonna Pay?

To date, financial institutions and merchants have borne the cost of card fraud, but as of last Thursday, only retailers will be liable if they haven't installed EMV readers, or if they have installed them but aren't using them.

"If the merchant has installed the reader and has turned on the chip capability, the terminal will reject a transaction if a customer swipes a chip-enabled card," Visa spokesperson Jennifer Morris told the E-Commerce Times.

However, some customers won't use the EMV terminal even when it's there, noted John Gunn, vice president at Vasco Data Security.

That will change over time.

"Because EMV cards are nearly impossible to counterfeit, banks will prefer these as a means of verifying an identity over a state-issued driver's license, which is easier to fake," Gunn told the E-Commerce Times. "Magnetic strip card readers will eventually go away."

New Avenues for Fraud

Card fraudsters will change their tactics to get around the security restrictions of EMV cards, Gunn predicted.

"Hackers will come in with counterfeit EMV cards where they will disable the EMV chip and tell the merchant they don't know how the card got damaged," he hypothesized. "They'll ask the merchant to process the card using the magnetic stripe, which will still be on the new cards that are being issued."

EMV cards will reduce fraud in stores, but that could spark an increase in fraud in other areas. Gas stations don't have to upgrade to accept EMV cards until 2017, CreditCard.com's Shulz pointed out, and the chips won't have any effect on online transaction security.


Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.


NICE inContact February 12 webinar
How closely do you guard your online privacy?
I take every opportunity to control my data-sharing.
I usually don't share when prompted to choose but I'm not proactive.
I'm comfortable sharing my data with companies I trust.
I use a VPN, incognito surfing or other tech tools to improve privacy.
I don't know where to start, so I don't bother.
Privacy is not possible, so guarding it is a waste of time.
Amazon Advertising: Strategies to Drive Success
NICE inContact February 12 webinar