In the wake of widespread credit card fraud, credit card companies EuroPay, MasterCard, and Visa are abandoning the magstripe system (“swipe-card”) in favour of a chip-based authentication system called EMV. 99.9% of card terminals in Europe are already chip-enabled. However, the US is only slowly transitioning to the technology.
According to a Diebold report on EMV technology, these “chip-and-PIN” cards are safer than American swipe-cards. Typically, American magnetic swipe cards contain an unchanging set of information that makes it relatively easy for counterfeiters to grab your information every time you swipe, as a recent article on CreditCards.com explained. EMV cards, on the other hand, contain a chip that creates a new transaction code every time you buy something.
This makes duplication nearly impossible.
The US has yet to fully adopt EMV cards, but perhaps the most compelling argument for why they should came on Dec. 19, 2013, when Target announced that it had been the victim of a massive data breach. Hackers had targeted every one of Target’s 1,916 US stores, stealing 40 million credit and debit card numbers from its point-of-sale systems.
Hackers likely exploited a massive security hole that left other companies vulnerable to attack as well. Namely, magstripes — the magnetic stripe on the back of most major credit and debit cards that stores user’s data.
Because these magstripes hold a person’s account number, expiration date, and secret CVV code, they are valuable goods in the underground market. Hackers sell these magstripes to card counterfeiters who then easily paste them onto fake credit cards using their own magstripe encoding machines.
Most banks’ mechanism for authenticating credit cards is relatively weak. According to Wired, each card is only authenticated using roughly 23 characters of data which can be easily duplicated and lost in a sea of 26.2 billion consumer transactions. The Target breach might have been prevented had the cards used by its customers contained EMV chips, because cyber criminals would have been less willing to buy this EMV card data that is harder to counterfeit. This would have left hackers with no market for the stolen data.
However, it’s “important to note that EMV is not itself a security solution — it’s really an anti-counterfeit fraud solution,” Craig Hoffman, a partner in the privacy and data protection practice at BakerHostetler, said in a prepared statement.
Hoffman still believes it would be wise for the US to adopt EMV technology: “The EMV roll-out will create some sharing among national retailers regarding responses to information threats — which is actually a good thing.”
Michael Misasi, an analyst with the Mercator Advisory Group, told Wired that he expected the magstripe system to soon become obsolete in the US. “All of the data breaches that have happened have woken people up, and progress has been accelerating this year,” he said.
It is expected that by October 2015, 70% of US cards will have EMV chips, reports Forbes.