What makes EMV cards more secure?

The world of payments can be complex, and we usually only glimpse the top level of it. One thing you may have spotted in 2015 was the shift in the U.S. from swiping cards to inserting cards in a POS system. 

The “chip-and-PIN” replacement called EMV (Europay, Mastercard and Visa) happened for two main reason: it’s more secure and the major credit card companies transferred the liability of fraud from their companies to business owners who don’t have EMV. Before we dig into EMV let’s explore how magnetic stripe cards work.

A magnetic stripe card stores the digital data needed to make payments. For a while, this method was secure and inexpensive—as well as fast when checking out. It relies on “security through obscurity,” which means it keeps your payment data safe by keeping its internal design architecture confidential. But, over time, the equipment needed to read and write these stripes and have access to the payment data became too easy. Access to this equipment removed the “security through obscurity” protection as people were able to access the internal design architecture and replicate it. In other words, cards were easily read and reproduced in counterfeit cards. And with this widespread availability, fraud increased, and the security promised by these cards was at an all-time low.

In the meantime, Europe was quick to adopt EMV chip technology as this method provided another level of security to their credit card transactions that solves all the issues that the traditional magnetic stripe card was facing. Adoption across the US took a long while due to the expenses involved and the changes it brought for the user, causing a delay in customer acceptance. In the end, the benefits of superior fraud prevention overweighed any lingering concerns and EMV has become the norm for many businesses for the past five years.

Similar to a magnetic stripe, EMV chips holds information needed to process a payment. But chip cards contain more information and all the data is encrypted on the microchip. The encryptions keep criminals from being able to use data reading devices and technology to steal the cardholder’s information. In order for this to work, the point-of-sale (POS) system where the card is used needs to be equipped with the ability to read and communicate with the microchip.

How does this encryption work? Each card produces a unique ‘token’ (code) for every transaction. This token is what is transmitted as opposed to the cardholder’s actual information. On the customer side of things, EMV technology is fairly simple. Instead of swiping, you “dip” your card into the EMV reader rather than swipe the magnetic stripe—although consumers can use either.  

In 2019, Visa reported an 87% decrease in counterfeit card fraud resulting from EMV adoption in the US. It seems fairly cut and dry that EMV is the better security technology to protect cardholders, so why had it taken so long for the U.S. to accept this as a standard?

Five years ago, the largest card issuers (Mastercard, Visa, American Express and Discover) announced that merchants and issuers who didn’t support chip technology by Oct. 2015 would be liable for any counterfeit fraud. This doesn’t mean that these merchants and issuers would necessarily have to invest in chip technology. Simply put, if a customer has a chip card but the merchant does not have a terminal certified for chip card acceptance, then the cost of any fraudulent transaction would be the merchant’s responsibility.

This may not seem like a huge deal, but into the past the card issuer would just absorb the loss, and merchants didn’t see any impact.

Lacking the big picture impact, combined with the cost and time it takes for a business to become EMV compliant, has led to merchants dragging their feet in the adoption process. One of the biggest areas of delay are convenience and fuel stores. Nearly one-third of all operators have no EMV-ready pumps available, all citing the same three issues: software, certification and cost.

Recently, COVID-19 has created a new obstacle in EMV adoption by affecting their cash flow. Ironically, EMV-compliant terminals would allow customers to make touch-free purchases using near-field communication payment options. 

The bottom line: EMV reduces fraud. In 2016, only a year after the EMV liability shift, MasterCard reported that fraud decreased by 60 percent in terms of dollars among its top five EMV-compliant merchants. And with card issuers pushing responsibility to those who haven’t adopted EMV technology the question is why not transition over to EMV?

While the idea of investing in EMV can seem daunting, the Manta survey reports that 77 percent of small business owners who have moved to EMV said the transition went smoothly. And the reality of the liability shift is that business owners could face even higher costs that come with fraudulent charges.

In addition, upgrading to EMV opens up the opportunity for endless add-ons and the newest EMV-compliant terminals support mobile purchases. Which means that this technology will not only save businesses money, and protect their customer’s card data, but it will also improve customer experience overall.

Though COVID-19 has caused a shortage of cashflow (in some areas of the world) and, consequently, slowed the adoption of EMV, it’s important for businesses to put investing in EMV at the top of their priority list in order to continue to keep operating costs low and fraud at bay.

On a final note, although EMV cannot protect consumers from all data breaches—like card-not-present fraud (purchases made online, by phone or through mail order)—it’s a strong deterrent to fraudulent activity and will continue to shape the future of payment processing, both across the U.S. and the world.