Last week, I wrote an article that explored the dangers of Internet hackers and found out just how easy it is for your online information to be stolen. This week, while examining another scary zone for hacking, credit cards, I actually have good news to report: the U.S. is getting ready to amp up its credit card game with Chip and PIN Europay, Mastercard and Visa (EMV) technology. It’s happening soon and many aren’t even sure what this means for them as credit card users.
Currently, credit cards used in the U.S. have a magnetic stripe, that black strip on the back of your card. The strip, which contains all the consumer’s account information in an unencrypted format, is currently all that’s needed to make a purchase in the United States. Sure, sometimes a notice will come up on the cashiers screen saying “check signature” or a message that sends “hand card to cashier”. But often cashiers in the U.S. ignore these sort of messages and many, especially small business owners, consider them to be a hassle. As a result, there’s very little tech right now protecting your credit card from fraud. If someone skims the information on yourmagnetic stripe or even your actual credit card, its incredibly easy for criminals to make purchases with no questions asked. Unfortunately, I’ve already had my credit card information stolen numerous times, and it’s not a fun process trying to change all your account information and call up your bank.
However, starting this October, the U.S. is looking to make using credit cards less risky by implementing this EMV technology. The new credit cards, which have been mandated by an executive order from President Obama, will include a microchip and require consumers to enter a personal identification number (PIN) to complete a purchase. The technology enhances security by ensuring encryption of your credit card’s information that can only be verified with your PIN.
In comparing our current credit card technology to the EMV cards, Chris Camejo, director of assessment services for NTT Com Security, puts it in laymen terms: “Magnetic stripes contain data that is simply read by a swipe terminal as the card passes through, similar to reading a very short piece of a VCR or tape cassette,” “Rather than just reading data off of the card, the [EMV] terminal sends transaction data to the chip, which processes it with the cryptographic keys and then returns the data to the terminal.” (U.S. News, Coming Next Fall: More Chip and PIN Cards in the U.S., 10.28.14)
The Chip and PIN credit card provides consumers with an extra layer of security so to speak—security which is clearly needed. In the past few years credit card hacking has been on the rise and there have been huge credit card breaches at major reatilers such as at Target, Home Depot, and Dairy Queen. Credit card breaches have affected hundreds of millions of Americans in recent years. (Krebs on Security, 2014-2015)
The Chip and PIN credit card is nothing new, and in fact, has been used in Europe and many parts of the world for over a decade, helping to reduce the amount of fraud taking place. Here are some quick stats since the introduction of EMV technology: In the U.K. a 56 decrease in fraid, in Australia counterfeit fraud is down 38 percent and in Canada there has also been a significant 49 percent drop in fraud since the introduction of EMV. (Credit Cards.com, “Online fraud may surge after EMV chip card rollout,” 11.19.14)
By October 2015, it is predicted 70 percent of Americans will have EMV cards available to them. However, the introduction of the technology to the United States is estimated to cost billions of dollars in having to upgrade all purchasing technology to support the new encryption technology. The price tag is predicted to cause the EMV rollover to take years to be completely implemented. But, retailers are feeling the heat to make the EMV switch sooner rather than later as in October 2015, card companies are shifting liability onto retailers for any sort of fraud relating to signature-based transactions if they haven’t upgraded to the chip technology at that point in time. (Forbes, “Is The US Finally Acceleratinsg A Move To Chip And PIN?,” 10.21.14) It should be noted though that if retailers have not switched over by the time and consumers already have the new cards, they will not be effected. Consumers can simply swipe the E.M.V card’s magnetic strip like they would with a non-EMV credit card; they will just not have the extra encryption security during their transaction. (U.S. News, “Coming Next Fall: More Chip and PIN Cards in the U.S.,“ 10.28.14)
While the introduction of this technology is predicted to vastly eliminate identity theft in regards to in-person purchasing, online purchasing risks for an individual are not affected by the change. However, in general it is predicted that online purchasing fraud may increase with implementation of the EMV technology in the U.S., as fraudsters are expected to turn to The Internet for more hacking. Brian Krebs, a journalist and well known investigative reporter, has been vocal with these predictions saying, “Fraud doesn’t go away, it just goes somewhere else, and that somewhere else is always online. The thieves can still steal the card number and expiration date, which still can be used online. So that’s generally what will happen. We’ll see a pretty big uptick in card-not-present fraud.” (Credit Cards.com, “Online fraud may surge after EMV chip card rollout,” 11.19.14)
Clearly, EMV technology is not going to solve all of our issues with credit card fraud, just as it has in other countries. It is just unfortunate that it has taken the United States so long to implement technology that has been working in other countries for more than a decade. I, personally, am excited for the new cards and am intrigued to see how retailers handle the change. It might be a mess in transition, but hopefully it benefits millions by reducing fraud.
—Delaney Fischer ’15 is a neuroscience major.