If you
haven't noticed, there's something strange going on with your credit cards and
debit cards. You might have suddenly had your bank re-issue every single one,
and the new ones have a shiny little square. And when you use them at certain
stores, you have to insert your card into the reader instead of swiping it.
If that
hasn't happened to you yet, it will. Those little shiny squares are called
EMV chips
and
they're already on 120 million cards in the United States. The deadline for
most retailers
and
card issuers to become compliant, as established by MasterCard, Visa, Discover
and
American
Express, was Oct. 1, so you're going to start seeing a lot more of them.
In
fact, some 600 million EMV cards will be in circulation in the U.S. by the end
of this year,
according
to the Smart Card Alliance. These chips are already commonplace in most of the
world,
with big-name financial institutions behind them, including American Express,
Discover,
JCB, MasterCard, UnionPay and Visa. (EMV stands for Europay, MasterCard,
Visa.)
These
companies have a lot of incentive to do a better job securing your card
transactions:
money.
In 2013 alone, criminals stole $2 billion in the United States
by duplicating the
information
on the standard magnetic strip found on the back of every card. That was a
100%
increase from the year before, according to research firm Aite Group.
Plus,
some of the worst credit card crimes in recent years exploited the payment
machines
where
you swipe your card. You remember when Target was hacked in 2013? Criminals
hacked
the in-store credit card readers to steal information from up to 70
million people.
Last
year, The Home Depot reported that criminals used that same method over a five
month
stretch to compromise credit card information from 56 million people.
EMV
chips are intended to make it a lot tougher for criminals to steal your
information, and
to
exploit retailers' payment systems. Here's how it works, and why it still
isn't as safe as you
might
hope.
EMV SECURITY
DRAWBACKS
The EMV
chip in your card protects you from criminals in a number of ways. If you've
tried
swiping
a credit or debit card with an EMV chip in it, you know that it doesn't work
with
standard
credit card readers, which read the magnetic stripe. The chip is different from
the
stripe,
and that includes the way your information is stored on them.
With a magnetic stripe, all your information
is coded on it. If a counterfeiter steals it and
copies
it, he can use your information over and over. However, the EMV chip doesn't
store
your
information. Instead, the computer chip creates a unique transaction ID each time
you
use it.
It uses encryption to securely hide your personal information, so even if
hackers get
the ID,
it's worthless to them.
Second,
in most of the world, credit card issuers require that people also input a PIN.
That's
commonly
referred to as the chip-and-PINmethod. It's a great way
for you to keep your
cards,
and information safe. When you use chip-and-PIN, the EMV chip creates a unique
ID
for
that transaction. On top of that, you have to unlock your card with your PIN.
Even if a
criminal
did get his hands on your card, he most likely would have a really tough time
getting
past
your PIN.
Note: Keep reading to find out why
the chip-and-PIN method may not do you much good in
the
United States.
Third,
some EMV cards use something called a near field communication (NFC) to make
financial
transactions. You wave your card past an NFC reader, or insert it into one and
your
money
is transferred using radio wave technology from your card to the retailer. In
order for
criminals
to steal your information, they'd literally have to be within a few inches of
you, and
have an
NFC reader with them. That's doable, but not something everyday criminals will
take
on. (Check out the Komando Shop for wallets that
protect your ID from this kind of
theft.)
While
credit cards and debit cards with EMV chips will do a better job of protecting
your
information
from theft, EMV for the moment is an imperfect system. Or, more precisely, it's
an
imperfectly executed system. Here's why:
1. While
the Oct. 1 deadline for retailers and credit card issuers to transition over to
EMV
cards
has already come and gone, most still aren't compliant. These cards will become
more
commonplace over the next two years, but that's a long time to leave customers
exposed.
In fact, automated gasoline pumps, one of the easiest places for thieves to
swipe
card
data, don't have to be compliant until 2017. Bonus:
Do you know the three places
where
using a card puts you at most risk? Find out
here.
2. The
chip-and-PIN method, where the EMV chip creates unique transaction codes and
you
also input a PIN to unlock your card, isn't really going to be used in the
United States.
At least
not as widely as it is elsewhere in the world. Here, you will most likely use
your EMV
cards
by inserting them into a reader or waving them over one, and then providing
a signature
instead of a PIN. That means the EMV cards will be safer than current cards
with
magnetic stripes, but not as safe as they can be.
3. If
you travel overseas, where the chip-and-PIN
method is used, you may run into some
problems
if you don't have a PIN. Plus, in the U.S., there will be a transition period
where
cards
have both a magnetic stripe (which will eventually go away) and the EMV chip.
You
may
find EMV readers in some countries may not read a card with both a stripe and a
chip.
4.
Criminals are clever, but you already knew that. If they steal your
EMV-equipped card and
use
it to make an online purchase or place an order over the phone, they don't
need to scan
your
EMV chip. It's called a card not present, or CNP transaction. It's
a growing problem in
countries
that use the chip-and-PIN method.
Despite
this, moving forward with EMV cards is a definite plus. It's about time
cardholders
and
retailers took security seriously.
Have
you had your cards replaced with EMV cards, or seen the new readers at
retailers?
Let us
know in the comments your experience with them and if they make you feel safer.
No comments:
Post a Comment