Over the last couple of years, you have most likely seen this major addition to your credit cards and debit cards. You might have suddenly had your bank re-issue every single one, and the new ones have a shiny little square. And when you use them at certain stores, you have to insert your card into the reader instead of swiping it.
Those little shiny squares are called EMV chips and they’re already on almost 400 million cards in the United States. That means, currently, three out of four cards in the U.S. are already chip-enabled.
Chip-enabled cards are already the standard in most of the world, with big-name financial institutions behind them, including American Express, Discover, JCB, MasterCard, UnionPay and Visa. (EMV stands for Europay, MasterCard, Visa.)
These companies have a lot of incentive to do a better job securing your card transactions: money. In 2016 alone, experts projected that $4 billion in the United States will be stolen by criminals duplicating the information on the standard magnetic strip found on the back of every card.
Plus, some of the worst credit card crimes in recent years exploited the payment machines where you swipe your card. You remember when Target was hacked a few years back? Criminals hacked the in-store credit card readers to steal information from up to 70 million people. Same with The Home Depot where criminals used that same method over a five-month stretch in 2014 to compromise credit card information from 56 million people.
EMV chips are intended to make it a lot tougher for criminals to steal your information, and to exploit retailers’ payment systems. Here’s how it works, and why it still isn’t as safe as you might hope.
The EMV chip in your card protects you from criminals in a number of ways. If you’ve tried swiping a credit or debit card with an EMV chip in it, you know that it doesn’t work with standard credit card readers, which read the magnetic stripe. The chip is different from the stripe, and that includes the way your information is stored on them.
With a magnetic stripe, all your information is coded on it. If a counterfeiter steals it and copies it, he can use your information over and over. However, the EMV chip doesn’t store your information. Instead, the computer chip creates a unique transaction ID each time you use it. It uses encryption to securely hide your personal information, so even if hackers get the ID, it’s worthless to them.
Second, in most of the world, credit card issuers require that people also input a PIN. That’s commonly referred to as the chip-and-PIN method. It’s a great way for you to keep your cards, and information safe. When you use chip-and-PIN, the EMV chip creates a unique ID for that transaction. On top of that, you have to unlock your card with your PIN. Even if a criminal did get his hands on your card, he most likely would have a really tough time getting past your PIN.
Note: Keep reading to find out why the chip-and-PIN method may not do you much good in the United States.
Third, some EMV cards use something called a near field communication (NFC) to make financial transactions. You wave your card past an NFC reader or insert it into one and your money is transferred using radio wave technology from your card to the retailer. In order for criminals to steal your information, they’d literally have to be within a few inches of you and have an NFC reader with them. That’s doable, but not something everyday criminals will take on.
While credit cards and debit cards with EMV chips will do a better job of protecting your information from theft, EMV for the moment is an imperfect system. Or, more precisely, it’s an imperfectly executed system. Here’s why:
1. While most cards are chip enabled, a lot of retail point-of-sale systems still don’t have their chip-readers enabled, leaving their customers exposed. In fact, automated gasoline pumps, one of the easiest places for thieves to swipe card data, don’t have to be compliant until October 2020. Bonus: Do you know the three places where using a card puts you at most risk? Find out here.
2. The chip-and-PIN method, where the EMV chip creates unique transaction codes and you also input a PIN to unlock your card, isn’t really going to be used in the United States. At least not as widely as it is elsewhere in the world. Here, you will most likely use your EMV cards by inserting them into a reader or waving them over one and then providing a signature instead of a PIN. That means the EMV cards will be safer than current cards with magnetic stripes, but not as safe as they can be.
3. If you travel overseas, where the chip-and-PIN method is used, you may run into some problems if you don’t have a PIN. Plus, in the U.S., there will be a transition period where cards have both a magnetic stripe (which will eventually go away) and the EMV chip. You may find EMV readers in some countries may not read a card with both a stripe and a chip.
4. Criminals are clever, but you already knew that. If they steal your EMV-equipped card and use it to make an online purchase or place an order over the phone, they don’t need to scan your EMV chip. It’s called a card not present, or CNP transaction. It’s a growing problem in countries that use the chip-and-PIN method.
Despite this, using your card’s EMV chip is still safer than swiping its magnetic strip and total adoption should be the goal moving forward. It’s about time cardholders and retailers took security seriously.
Do you like the increased security these EMV cards offer to the consumer? Let us know in the comments your experience with them and if they make you feel safer.