Monday, September 28, 2015

The Chips Are Down

By now, most consumers who use credit cards have found that replacements for their old plastic have arrived with embedded chips in them. And most merchants have been receiving a barrage of calls for months from processing companies trying to convert them using the need for new chip-enhanced terminals as a selling point. A recent article in the NY Times highlighted the issue. This is a real thing that merchants and consumers alike need to pay attention to as the United States catches up to most of the rest of the world regarding the security of credit and debit payment systems.

Why This Is Important

Fraud protection is one of the main reasons that the chip is an important addition to the credit card. Stripes contain easily duplicated magnetically encoded information about the card and the card holder. For this reason, it has been very easy for criminals to steal this information using a small swiping mechanism and subject consumers to identity theft. These tiny devices have been embedded in the payment terminals built into gas station pumps, or used by waiters or waitresses at restaurants who take the card in order to swipe it in a payment station out of view. There are plenty of ways that the information can be stolen off of a magnetic stripe. But not so easily from a chip.

The main reason is that the chip is actually a small computer with encoded data that must communicate with a distant server in order to authorize the charge or debit. It does this by changing its code every time it is used. This may sound complicated, and it may take a second or two longer than swiping a magnetic stripe does, but it offers a nearly impossible to steal or duplicate transaction process. This is why card brands adopted the chip years ago virtually everywhere else. The USA is always a bit slow to catch up on this sort of technology due to the heavy regulations in place for all things financial and the reticence of major companies to engage in huge spending upgrades any earlier than they have to. But the benefits are going to be huge with regard to identity theft.

What This Means To Merchants

The basic thing that merchants need to be aware of is that they will now be responsible for identity theft issues that come from using duplicated magnetic stripes. If a cardholder provides a striped card, the merchant must verify the cardholder's identity or risk being liable for the transaction. This should be standard protocol anyway, but the processing companies are offering cheap or free upgrades to chip-enabled terminals to specifically avoid the costs associated with identity theft and they are going to be very serious about ensuring that merchants use this new tool. On the flip side, the protections involved with chip-based transactions should be higher than the old ones were with the stripe-based transactions.

3 comments:

  1. Very good blog post. I think the EMV requirements are a great way to educate merchants about fraud. But check out data on from Shaw Merchant Group at http://www.shawmerchantgroup.com - also let me know if you are interested in doing a guest post on this website. Thank you Jeff!

    ReplyDelete
  2. Scott -- great to hear from you. Love your web site, by the way. You have some really good information there. I'd love to do a guest post for you at some point (a little overbooked this month), so shoot me an email if you want to set something up.

    ReplyDelete
  3. Thank you for sharing such great information. It has help me in finding out more detail about Credit Card!

    ReplyDelete