Join Us

Finally, new fraud prevention technology for cards is on the horizon with EMV

Posted May 8, 2014

The world of payments is evolving. We are finally starting to see an evolution from typical static magnetic stripes cards to more intelligent devices such as EMV chip cards and NFC (Near Field Communication) mobile phones. EMV stands for Europay, MasterCard and Visa, the developers of the technology's standards. Credit cards that use EMV technology have an embedded microprocessor chip instead of a magnetic stripe to store cardholder data. While magnetic stripes store credit card numbers and expiration dates, which can be used to make counterfeit cards, EMV-enabled cards encrypt transaction data differently each time the card is used. As a result, EMV transaction processing is considered more secure than a magnetic stripe.

It's no secret the U.S. has been slower than other parts of the world to embrace EMV cards embedded with computer chips. Why is that? One reason is because of the huge cost to banks, credit unions and retailers to convert ATMs, charge card readers and other payment processing systems. Another reason is the cost is quite high to produce the chip embedded plastic in the U.S. -- almost three-times more than producing a traditional magnetic stripe card.

While most agree that EMV is an improvement over the magnetic stripe, it won't prevent all fraud and this has caused some in the cards industry to doubt the need for EMV. For example, it wouldn't have prevented the recent credit card data breaches at U.S. retailers, but EMV technology would have significantly reduced the damage that resulted from the breach because there would have been fewer cards vulnerable for counterfeiting. EMV also does not protect consumers from card-not-present transactions. Card-not-present transactions are those transactions made via the Internet or phone in which the cardholder is not physically present and because no chip transaction is involved. Further, another problem is that EMV-enabled cards used in the U.S. are likely to continue to have a magnetic stripe too so they can be used by merchants who have not upgraded. As long as EMV cards have the magnetic stripe, they will continue to be unprotected.

Currently there is no mandate for card issuers to provide EMV-enabled cards. However, a liability shift is intended to compel merchants and issuers to update their Point of Sale (POS) terminals, cards and software to be EMV-enabled. If merchants do not comply, they will begin to share in the cost of card-present fraud. Today, issuers bear 100% of the liability for card-present fraudulent transactions. In October 2015, if a merchant has not upgraded their POS terminal to being EMV capable, they will assume this liability if the issuer has issued EMV cards.

As such, issuers that wish to reduce their fraud losses will want to consider moving to an EMV card. The attacks on magnetic cards in the U.S. are expected to continue and the total fraud cost related to magnetic stripe cards are expected to grow significantly as a result. It is in the issuer’s best interest to act now and prepare for EMV as consumers are also looking to EMV for renewed confidence in the payments system.

Written by:
Amy MacMullen, Director of Card Services
Corporate One Federal Credit Union