Perhaps you can remember back when you got your first
computer let’s say around 20 years ago?
How about your first cell phone?
Was it a flip phone just making phone calls? How well would your old computer work today
assuming it was still available? Of
course it could not do much in the world today.
In a similar way this is the problem with the credit / debit cards we
are using today. It is a technology from
the 20th century, operating in a much advanced 21st
century. The magnetic stripe card we use
today: the technology was developed back in the 1960’s and the ability to apply
it to a plastic card came about in mass production in the 1970’s. The data from these cards can be easily
copied and reproduced to another plastic counterfeit card. Until the “owner” of the card realizes the
card data was stolen, the card can be used to purchase items. Typically the fraudsters will resale these
items for cash.
Since then new technology has been developed to make it much
harder, if not impossible to replicate cards that can used in advanced credit
card device readers. It is known as
EMV. This payment security standard was
developed by Europay, MasterCard, and Visa in 1994, hence “EMV”. In the mid-1990s, EMV-compliant payment cards
began to be issued and EMV-compliant POS terminals began to be installed in
countries around the world. While different markets have migrated to the EMV
standard at different speeds, the U.S. has been the one major international country
not adopting the standard. Since 2011, however, the global card networks that
first created EMV have renewed their push to bring the EMV standard to the
United States. Some ask why has it taken
the US so long to adopt this or any new standard with a more secure technology
than we use today? The answer is not
clear, however, in my opinion; the best reason is until recently it was less
costly for the banks to absorb the fraud losses than to pay for the new more
costly technology. What seldom gets
mention if at all about fraud loses is much of theses cost can ultimately hit
the original accepting merchant that unknowingly took the counterfeit card.
An
EMV card resembles the current magnetic-stripe cards with one significant
difference, the EMV “chip” or microprocessor that is embedded in the card. EMV protect against
duplicate card fraud.
Unlike a magnetic-stripe card, an EMV card is not swiped through a reader.
Rather, it is inserted into a slot on the terminal. When the EMV card is inserted, a metal
contact on its face connects the card to the terminal and the two devices are then
able to communicate. While the EMV card
is used for a transaction and during the communication process for an approval
response from the issuing bank, there is new dynamic CVV code used in the authorization request. This dynamic CVV changes for each transaction. It is validated against what is expected at
the host. The result is the primary
account number is static yet data changes on each transaction. The problem that EMV will not help against
fraud is in a card not present environment such as goods sold on a
website.
Although EMV it is not a magic bullet, it is far better
then what we have today. For example card fraud in the
U.K. began to drop following EMV implementation. But in 2008 and 2009 fraud
losses began to rise, driven mostly by card not present transactions and
cross-border fraud initiated with counterfeit cards using information captured
from legitimate cards’ magnetic-stripe. After more
countries had adopted EMV, card not present transactions and cross-border fraud
losses fell. During the first six months of 2010 the same period the previous
year. Since its adoption in the European
countries, and the U.K. in particular, EMV has effectively eradicated
face-to-face counterfeit card fraud in card payments. Consequently, the U.K. case
study has significant implications for U.S. merchants since it highlights the
tangible reduction in fraud witnessed in a country following EMV migration.
Although many merchants may be skeptical of EMV migration
given the significant upfront costs of upgrading payment acceptance terminals,
over the long run merchants and the industry as a whole will benefit from a reduction
in fraud. The magnetic-stripe is no longer able to fend off fraudsters armed
with low-cost magnetic-stripe readers, card-duplication gear, and
Internet-sourced card data that can be entered into the payments system without
strong account holder authentication. The result has been an outbreak of card
skimming that has cost the payments industry and merchants millions of dollars.
If you have any question about this, please feel free to contact us at info@tampabaymerchantservices.com or call 727-916-7294
