Beginning October 1, 2015, newly issued credit cards must be equipped with EMV-compliant chips. There is a lot of misinformation surrounding these new chips, ranging from inaccurate representation of the requirement drivers to all-out conspiracy theories that this is the beginning of the end of Western culture. The facts on the new EMV requirements are much more mundane with almost no tangible effect on the consumer. Here are just a few of the changes:
More of a Shift Than a Requirement
There is no government entity mandating new or updated policies for credit card safety. Instead, this shift is coming from financial institutions based on existing liability laws. EMV stands for Europay, MasterCard and Visa, the three largest financial networks in the world.
Before October 1, the liability for fraud fell on the bank, going under the assumption that it could have done more to verify the veracity of the buyer’s identity. The new requirements, which center around a specially designed microchip and related software embedded into the new cards, shift the liability to the vendor. It is now the store’s responsibility to verify identity since the card transaction is assumed to be unique every time. It is now incumbent on the retailer to be certain that its POS systems are 100 percent EMV-compliant to avoid loss from fraud. In addition, businesses need to make sure their EMV readers and accounting solutions are compatible. Online accounting software, like Sage One, is capable of integrating with over 12,000 types of institutions, so it can work with their EMV readers and protect their consumers from credit card fraud.
Strip to Chip
The pre-October credit cards used a magnetic swipe strip that contained the credit card information and the associated accounts. When consumers swiped the card, the system collected this information and requested a transfer of funds and a debit to the account. If someone wanted to steal this information, they only needed to get this strip information from old receipts or a card swipe capture hidden within the detectors of ATM and POS machines. With that, they could process these requests at any time and from anywhere.
The new chip carries the same information, but it includes a unique identifier code that is specific to each transaction. Even if a thief were to get ahold of this code, it would only work one time before the account information was reorganized and not linked to the user’s account. All of the deciphering happens at the EMV provider level and not at the vender stage.
Debunking Myths
Credit and credit cards have been a source of conspiracy theories for some time now. NASDAQ, the second largest stock exchange in the world, has a page on its website devoted to debunking these theories of credit and credit card control over the human population. These myths range from a belief that the government wants to control the population through accumulated debit to the EMV conspiracy that says this is the first step to electronically tagging humans. Some conspiracy theorists claim that RFID technology for mandatory human implants is the next step. In reality, the chip technology being used by credit cards is nothing like RFID technology like that being used to chip a pet. As a matter of fact, the impact on consumers is nearly nonexistent.
The shift from credit card swipe strips to EMV chips is to protect businesses from risk and consumers from fraud. Although these changes aren’t large and noticeable, they should make the marketplace more secure for everyone.
[su_box title=”About Paul Reyes” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.