In this heightened era of data breaches and identity theft, banks in the U.S. are rolling out credit and debit cards embedded with computer chips to increase fraud protection. The new cards, currently in use in Europe and in other countries, will ultimately replace the outdated magnetic stripe that has been the data exchange system used on credit cards for decades. The vulnerability of the magnetic stripe, which is used to store sensitive data, is that this information can be duplicated and reused by identity thieves to create counterfeit cards. In contrast, chip technology, referred to as “EMV” (EuroPay, MasterCard and Visa), or “smart cards”, modifies data in such a way as to render the card unusable after each transaction. However, full protection, considered to be the use of both ‘chip and PIN’ applications won’t be available until late next year or perhaps in 2017. Merchants at the retail level must also update their ‘Point of Sale’ (POS) systems (card reader machines) with EMV technology or risk liability in the case of fraud. While many large retail outlets have already converted to EMV, more transition time is needed for smaller merchants. Until this happens, the present rollout of EMV cards still has the magnetic stripe so as to not interrupt the exchange of goods and services. The U.S. is the largest and last of the major world markets to transition to this safer technology.
When will ultimate protection kick in?
- First generation EMV chip cards, presently in circulation, will protect information on cards if hacked or taken in a data breach. However, since these cards still have the magnetic stripe, the
same threat of theft exists if the cards are lost or stolen. A signature is still required.
- Second-generation cards, scheduled for release in 2016, will no longer have the magnetic stripe. This will offer greater protection from thieves who attempt to create counterfeit cards. This second rollout will still require a signature at the Point of Sale.
- The final rollout or third generation cards will replace the signature feature with a PIN. Just like standard debit cards, the PIN code is known only to the card owner. By present day EMV standards, chip and PIN provides the optimum protection against fraud and identity theft.
What about on-line or telephone card transactions?
- Since ‘Cards-Not-Present’ (CNP) cannot interface with EMV technology, greater pressure will be placed on businesses that accept remote card transactions to come up with stronger safety
protections, or risk liability. And there’s reason for concern. Based on trends reported by countries who upgraded to EMV years ago, criminals who could no longer access EMV-protected
information have shifted their focus to the less secure CNP entry points, so consumers still need to be vigilant.
Debit cards got a later start in transitioning to EMV technology but are the next cards to come on line. Gas pumps have until October 1, 2017 to make the change-over to EMV technology, and ATMS are currently in the process of converting.
18th Judicial Consumer Protection Line: 720-874-8547