My first experience with EMV—EuroPay, MasterCard and Visa—happened at a little sub shop in a tiny Colorado town. I bought the “famous” smoked turkey sub and paid for it with my new credit card, which happened to have an EMV chip. The cashier took my card, inserted it into the bottom of the card reader and handed it back after the transaction had been processed. It caught me off-guard; though my experience wasn’t anything spectacular, it was impressive nonetheless. This sub shop had just processed the safest point-of-sale (POS) transaction I’d ever made.
You might be thinking, “What’s the big deal?” To answer that, you need to understand EMV. EMV is a global standard for debit and credit cards. EMV cards are embedded with smart chips that hold information similar to a magnetic stripe card but with greater security. If a retailer or merchant uses an EMV-enabled POS device and you pay like I did at the sub shop, your card number and data are now encrypted through the entire transaction. EMV technology makes breached card data virtually useless to criminals wanting to replicate a card and use it physically or electronically at another merchant location.
Target and Home Depot should quickly come to mind. If they had invested in EMV technology and every customer used an EMV-embedded card, the hackers would have obtained a ton of useless data. To date, Europe, Canada, Latin America and Asia are well on their way in migrating from the legacy magnetic stripe standard to EMV chip card technology. The U.S.—the world’s single largest user of payment cards—has just begun the process. (I know … big surprise.) To make matters worse, most merchants have feeble security and poor detective controls to stop a hack. Once inside a network, it’s a matter of time before hackers find unencrypted card data. EMV could prevent this from happening.
In the U.S. alone, annual card fraud costs are estimated at $8.6 billion. Experts believe that figure will rise to $10 billion or higher in 2015, especially if the U.S. does not make significant progress with EMV adoption. Safer times are coming, though. Retailers have until October 2015 to transition to EMV technology before a global shift in liability will be enforced. This means issuers and merchants using non-EMV-compliant devices that choose to accept transactions made with EMV-compliant cards assume liability for any and all transactions found to be fraudulent. With millions on the line, change will happen. It’s just a matter of how soon, as most are still weighing their options.
Evolving card technology such as EMV is vital to increasing security, but it won’t prevent all payment fraud due to the ever-changing strategies of cyber criminals. Some say it will only drive hackers to softer targets, such as online banking and card-not-present (online) fraud. EMV is a big step in the right direction, but you’ll always need to keep a close eye on your account activity. A great practice is to set mobile alerts on all bank and credit card accounts to notify you of transactions over a set amount. My alerts are set at $50, which is a great detective tool for my habits. I travel often and use a hundred different merchants a year. If I see a transaction come through that I don’t recognize, I immediately log in or call my bank—simple but effective!
Educate yourself on information security whenever possible, keep a close eye on your accounts at all times and shop safe using EMV wherever you can.
Latest posts by Cy Sturdivant (see all)
- FDIC: Banks Unprepared for Third-Party Cybersecurity Threats - July 27, 2017
- Internal Audit’s Role in Cyber Preparedness - September 15, 2015
- The Evolution of Cybersecurity - May 15, 2015