Credit cards with an embedded chip, also known as a chip card or EMV, have finally hit U.S. shores. Chip cards have been in use in Europe and other countries for decades, with users enjoying the highest form of credit card security. The use of chip cards in the U.S. has only taken hold within the last few years, and it’s only recently that card-issuing banks and merchant service providers started to use them. At one point, there was talk about making it a federal law that all credit card systems and vendors move to the use of chips in credit cards.
However, the federal government decided against making a mandate for their use, preferring to allow the credit card industry to make the move instead. As a result, the new card readers and credit cards are slowly making their way into stores and the wallets of consumers. Some cards get replaced with chip cards as they expire. Other card issuers prefer to make the transition before the cards expire. As a result, there is a mix of both chip and swipe cards in consumer wallets. Merchants have to be prepared to accept both types of cards at any given time.
What is an EMV Card?
Image via Flickr by Aranami
EMV is short for Europay, MasterCard, and Visa. It’s a microprocessor embedded into the credit card and contains all of the relevant information for the card transaction. The chip is the highest form of security and lowers fraudulent card present transactions. Some cards require the use of a PIN or a signature, depending on settings embedded into the card or the merchant service provider’s card processor.
The significant difference between an EMV and a magnetic stripe card (mag stripe) is that one is dynamic while the other is static. Information on the chip is dynamic and always changing, while the mag stripe is static and never changes. The lack of changing information on the mag stripe means it’s very easy for a thief to clone the information. On a chip card, the data keeps changing, and card readers are unable to take the data through traditional means of theft.
Merchants May Bear Responsibility for Chip Card Transactions
Chip cards still come with magnetic stripes, but merchants are expected to have terminals that are capable of accepting a chip card. In the event, a customer presents a chip card to a merchant that is not equipped with a chip card terminal, and the transaction winds up being fraudulent, the merchant may be liable for the fraud. The merchant service provider gets hit with a fee for a fraudulent card, and in turn, the provider has the option to pass the cost onto the merchant.
In the event a card with a fraudulent magnetic stripe gets used at a chip card terminal, the card issuer bears liability for the fraud. The merchant may be absolved of responsibility in this situation. Eventually, all credit cards are to be phased out entirely, which means that accountability and liability are going to shift again.
The Impact on Over-the-Phone Transactions
Over-the-phone (OTP) or online transactions don’t require a chip for card-not-present transactions. It’s expected that fraud in this area of e-commerce credit card processors will rise due to thieves being unable to clone physical credit cards. While the CVV and AVS (card verification value and address verification system) are the strongest tools that merchants have at their disposal, it’s not recommended to rely upon the information as security against fraud. Card processing systems between the merchant and card-issuing bank have fraud detection protocols built in, which means merchants can safely rely on them for the final say on card validity.
What Can a Merchant Do to Keep Up?
Merchants who use physical terminals need to get a chip reading terminal as soon as possible if one hasn’t been delivered already. Contact your merchant service provider to find out what should be done to obtain a terminal, then start using it as soon as possible.
Merchants now have a new tool to combat credit card fraud. Keeping current with chip card technology and protecting customer data means less theft, happy customers, and less time spent dealing with the aftermath of a fraudulent transaction.