Today is the deadline for US retailers to switch over to a payment technology called EMV. That means you’ll have to start verifying your credit card with a chip, as well as a swipe. We talked to payments industry experts about how EMV works, what’s happening today, and what it means for the average shopper.
Sourced through Scoop.it from: gizmodo.com
EMV stands for “Europay, MasterCard, and Visa,” which are the three companies that originally developed the specifications for the technology. Today it’s supported by several other companies, including Discover, American Express, and UnionPay, through an organization called EMVCo. EMV cards have microprocessor chips inside which make it harder for anyone to steal your account information while you’re making a payment. On the credit cards we’ve all used in the US until now, the card number was stored on the magnetic stripe on the back side of the card. When you swipe the card at the checkout, the checkout terminal reads your card information from that stripe and then sends it through a network to have the money moved from your account to the retailer. That number is static, which means that it’s always the same number for every transaction — which makes it relatively easy for fraudsters to hack the terminal or the network, steal your card number, and use it elsewhere. But the microprocessor chip in your EMV card generates a unique code for every transaction. Even if a criminal manages to grab the code from the store, it’s mostly useless because it won’t work a second time, and it can’t be traced back to your real card number.
“It has the same information as the magnetic stripe on your old card, but creates a unique code that gets reorganized with each purchase,” explains John Krauss, Discover’s senior manager for card payments and reissuance strategy. “The code generated takes into account numerous different variables and is not linked to a cardmember’s account.”
Today, October 1, is a deadline for the EMV switchover that the payments industry has given to retailers. After today, retailers who don’t accept EMV payments may be responsible for the costs of what’s called “counterfeit fraud.” That’s a type of credit card fraud based on stealing credit card numbers — by hacking a checkout terminal, for example — and using them to make copies of the victims’ card. Before today, credit card companies took responsibility for fraudulent purchases. If someone stole your MasterCard number and used it to buy $500 worth of shoes, MasterCard — not you and usually not the store — would cover that cost. After today, if stores don’t accept EMV payments, it’s up to them, rather the card company, to cover the cost of counterfeit fraud. If stores accept EMV payments, the credit card companies still accept liability for counterfeit fraud. That’s true even if the store accepts EMV payments, but also accepts magnetic stripe payments, and one of those magnetic stripe payments turns out to be fraudulent. The technical wording from Visa is, “The party that has made investment in EMV deployment is protected from financial liability for card-present counterfeit fraud losses on this date. If neither or both parties are EMV compliant, the fraud liability remains the same as it is today.”
Basically, the credit card companies have decided that magnetic stripe transactions are so vulnerable to counterfeit fraud that they don’t want to be responsible for that liability anymore, but they believe EMV is secure enough that they’re willing to be liable for its much more limited risk. The result, according to most of the major players in the payments industry, is better protection against counterfeit fraud. “This process makes chip card information more difficult to steal and therefore makes a chip card more difficult to counterfeit, said Dina DeMerell, executive director of payments security at Chase Card Services. And, despite some conspiracy theories, it’s not any kind of tracking chip.