What do Target, Home Depot, Jimmy John’s, Dairy Queen, UPS and Sally Beauty Supply all have in common? They belong to the ever-growing list of large retailers whose credit card information and customers’ vital data has been breached in the last year. They are not exclusive members of the club as there are many more retailers who have been hit in the last several years. Have you ever wondered why the hackers all seem to be from a foreign country? Why don’t they hack their own stores? The major reason is that foreign retailers have been using a process called EMV® (chip and pin) technology for at least 10 years. This process puts a huge halt on data breaches. The U.S. is now geared to join the EMV groups.
"Have you ever wondered why the hackers all seem to be from a
EMV stands for Europe, MasterCard and Visa and as stated has been working across the pond for many years. When fraudulent charges and cash withdrawals are made in the U.S. today, the card holder is not liable for the loss. Most of the time merchants are not liable. The card issuers are the ones who have been eating millions of dollars in losses each year. They have put down their forks and decided they aren’t going to continue to eat the losses. European retailers and banks have worked out the kinks and U.S. banks are ready to roll it out.
So what is the big difference? That magnetic stripe on the back of your credit or debit card holds a wealth of information. Crooks are not stupid. They have found a multitude of ways to un-encrypt the data and replicate it on bogus cards. Not only that but there is information on millions of consumers on whom they can apply for new cards with large credit lines. The consumer has no idea this has happened until he goes to use his credit rating and discovers the fraudulent cards.
Enter the chip-and-pin. Where the information on the mag stripe is stagnant, the information encrypted into the chip continually changes. When a consumer uses his or her card to make a purchase the EMV technology will issue an encrypted token. You will hear the term ‘tokenization.’ This is a one-time deal – use it or lose it. That token is sent to the credit card processor to be read and it can only be used once. If a crook did get the data, use of that particular token would be denied. Plus he would not have any confidential information.
For the consumer very little is changing. The wait time for processing may take a few seconds longer. Also, rather than swiping the card through the scanner the customer will insert it into a special slot where it will remain throughout the transaction. The consumer will be asked to enter a six to eight digit pin number, similar to a debit sale or ATM withdrawal.
To accommodate all consumers at the beginning, many merchants will also accept signatures rather than pin numbers. As the system continues to roll out, fewer and fewer stores will accept signatures. Allowing a signature lets a customer use his older mag stripe card until a new EMV card arrives.
As mentioned previously, EMV technology has been used in Europe for many years. Tourists and business travelers that are still using a mag stripe card may have difficulties finding outlets that still accept them.
On the merchant side things get just a little more involved. The merchant must have the proper terminals in place by October 1, 2015. Some already have terminals that will accept the EMV cards. Others do not. This means the do not’s have to lease or purchase new equipment by the deadline. However, for the time being they will still be able to accept the mag stripe cards. But there is a caveat. Prior to October 1, 2015 the merchant is not held responsible for a fraudulent charge. After October 1 he will be the one who has to pay the Piper. The reasoning behind this decision is that if he had leased or purchased the equipment as mandated by Visa and MasterCard the sale would not have been approved. Therefore he is responsible.
"Tourists and business travelers that are still using a mag stripe
card may have difficulties finding outlets that still accept them."
There will be a few delays in the process. Those consumers who have cards that are expiring before October 1 will be the first to receive the new EMV cards. Then they will slowly go out to the rest of the consumers. Also, banks need to install software that speaks with the EMV technology and this could take a little longer. But it will be worth the wait.
The newer cards will have both the magnetic stripe and the EMV chip. This is to allow sales at merchants where EMV terminals have not been installed. Call it the honeymoon period. To determine if it is an EMV terminal the customer will enter the card into the chip reader slot. If it signals an error then it should be swiped has it has been in the past.
Neither the consumer nor merchant needs to worry about where the EMV originated or whether there is a difference in the quality and safety of one card over another. The card associations and issuers have gone over the options with a fine tooth comb. They have spent millions on a system that will save them even more over time. They are not going to be pinching pennies when it comes to security.
"The likelihood of identity theft from a security breech on [your]
credit card will be greatly reduced."
What the customer should take away from this knowledge is that the likelihood of identity theft from a security breech on his credit card will be greatly reduced. Merchants should be happy that they will not see charge backs from fraudulent use of credit cards. Larger retailers should see a dramatic cut-back in data breaches. Everyone wins.
Creditcards.org is a credit card comparison site. We have been providing our customers with the best credit card offers available since 2010. If you are looking for a new credit card, visit us here