‘Chip and pin’ credit cards are vulnerable, too

Have you received your new or reissued credit card with a chip that stores your credit-card data? The cards have a square, gold or silver metallic-like image.

If we believe recent news reports, these “smart” chip embedded cards will help stop the growing cascade of ID theft victims. Unfortunately, it doesn’t appear to be working.

Contrary to those reports, the roll-out of the new EMV (Europay MasterCard Visa) chip card actually will increase “new account fraud” and “account takeover” by 90 percent over the next four years, according to Javelin Strategy & Research.

The new cards will help reduce in-person card fraud, but online transactions will disturbingly more than make up for this as ID-theft criminals take advantage of EMVs web weaknesses. However, if you’re a business, look out for the coming “liability shift.” More on this later in the column.

Javelin Strategy said that card-not-present fraud losses totaled $10 billion in 2014 but will jump to $19 billion in 2018, according to its 2015 Data Breach Fraud Impact Report.

For years, the traditional credit card with a magnetic-stripe has been the target for ID-theft criminals. Those cards store data in the stripes that does not change and is easy to copy or steal. “Skimming” of credit card data from ATMs, gas stations and restaurants has been a major problem for years.

The EMV-chip card technology includes the following protections and features:

– EMV-chip cards generate a one-time encrypted code for every transaction.

– Cardholders will verify their EMV card purchase by entering a PIN or a signature.

– The chip-embedded cards are inserted into a point of sale terminal and uses a one-time encrypted code that replaces your credit-card number.

– If the issuer requires a PIN (personal identification number) and the POS terminal is capable of accepting a chip PIN, then a signature is not necessary.

– If the POS terminal does not accept a chip PIN, then signature verification will work.

So far, the credit card industry (i.e. American Express, Discover, MasterCard, and Visa) are allowing signature verification instead of requiring a chip PIN as the retail business sector prepares for the Oct. 1, 2015 deadline for EMV adoption to comply with the new credit card standards and technology in the U.S.

Small- to medium-size businesses, beware! As the EMV cards become common in the U.S., look out for the coming “liability shift” as credit card issuers have stated that if your business is not supporting the EMV technology then your business could be liable for fraudulent transactions.

Mark’s most important: Added secure card technologies like the EMV chip, though beneficial, won’t stop ID theft criminals completely. so be vigilant. Businesses, now is the time to get ready for EMV to avoid being stung by the “liability shift.”

Source: AZ Central

. . . . . . . .

Leave a Reply