Perhaps you can remember back when you got your first computer let’s say around 20 years ago? How about your first cell phone? Was it a flip phone just making phone calls? How well would your old computer work today assuming it was still available? Of course it could not do much in the world today. In a similar way this is the problem with the credit / debit cards we are using today. It is a technology from the 20thcentury, operating in a much advanced 21st century. The magnetic stripe card we use today: the technology was developed back in the 1960’s and the ability to apply it to a plastic card came about in mass production in the 1970’s. The data from these cards can be easily copied and reproduced to another plastic counterfeit card. Until the “owner” of the card realizes the card data was stolen, the card can be used to purchase items. Typically the fraudsters will resale these items for cash.
Since then new technology has been developed to make it much harder, if not impossible to replicate cards that can used in advanced credit card device readers. It is known as EMV. This payment security standard was developed by Europay, MasterCard, and Visa in 1994, hence “EMV”. In the mid-1990s, EMV-compliant payment cards began to be issued and EMV-compliant POS terminals began to be installed in countries around the world. While different markets have migrated to the EMV standard at different speeds, the U.S. has been the one major international country not adopting the standard. Since 2011, however, the global card networks that first created EMV have renewed their push to bring the EMV standard to the United States. Some ask why has it taken the US so long to adopt this or any new standard with a more secure technology than we use today? The answer is not clear, however, in my opinion; the best reason is until recently it was less costly for the banks to absorb the fraud losses than to pay for the new more costly technology. What seldom gets mention if at all about fraud loses is much of theses cost can ultimately hit the original accepting merchant that unknowingly took the counterfeit card.
An EMV card resembles the current magnetic-stripe cards with one significant difference, the EMV “chip” or microprocessor that is embedded in the card.EMV protect against duplicate card fraud. Unlike a magnetic-stripe card, an EMV card is not swiped through a reader. Rather, it is inserted into a slot on the terminal. When the EMV card is inserted, a metal contact on its face connects the card to the terminal and the two devices are then able to communicate. While the EMV card is used for a transaction and during the communication process for an approval response from the issuing bank, there is new dynamic CVV code used in the authorization request. This dynamic CVV changes for each transaction. It is validated against what is expected at the host. The result is the primary account number is static yet data changes on each transaction. The problem that EMV will not help against fraud is in a card not present environment such as goods sold on a website.
Although EMV it is not a magic bullet, it is far better then what we have today. For example card fraud in the U.K. began to drop following EMV implementation. But in 2008 and 2009 fraud losses began to rise, driven mostly by card not present transactions and cross-border fraud initiated with counterfeit cards using information captured from legitimate cards’ magnetic-stripe. After more countries had adopted EMV, card not present transactions and cross-border fraud losses fell. During the first six months of 2010 the same period the previous year. Since its adoption in the European countries, and the U.K. in particular, EMV has effectively eradicated face-to-face counterfeit card fraud in card payments. Consequently, the U.K. case study has significant implications for U.S. merchants since it highlights the tangible reduction in fraud witnessed in a country following EMV migration.
Although many merchants may be skeptical of EMV migration given the significant upfront costs of upgrading payment acceptance terminals, over the long run merchants and the industry as a whole will benefit from a reduction in fraud. The magnetic-stripe is no longer able to fend off fraudsters armed with low-cost magnetic-stripe readers, card-duplication gear, and Internet-sourced card data that can be entered into the payments system without strong account holder authentication. The result has been an outbreak of card skimming that has cost the payments industry and merchants millions of dollars.
The fact that merchants in both Canada and Mexico are mostly compliant with EMV standards makes merchants in the U.S. very vulnerable to fraud. As the rest of the world moves toward EMV, merchants in the United States will be at greater risk of fraud until they install EMV-compliant POS terminals and banks issue EMV cards.
First Coast PAYMENTS BLOG
We eliminate the junk fees others charge.