Widely used throughout Europe, chip-and-PIN credit cards look and feel much like American credit cards. But instead of using a magnetic stripe to store financial information, these cards store the data on embedded microchips.
The chip-and-PIN system, also known as the EMV standard — for Europay, MasterCard and Visa, the originators of the standard — was first established in 1999 and has since almost completely replaced the magnetic-stripe standard in Europe. (Debit cards in Europe began using chip-and-PIN in the early 1990s, but most of these cards could not be used internationally.)
Chip-and-PIN cards are also replacing conventional "magstripe" cards in Asia, South America, Canada and Mexico.
While most card-issuing companies and banks in the United States still issue magnetic-stripe credit and debit cards, many of these organizations are moving toward the adoption of the EMV standard.
U.S. retailers have until Oct. 1, 2015, to install chip-and-PIN compatible card readers at stores. After that date, merchants will be held liable for any fraudulent charges resulting from misuse of magnetic-stripe cards.
Here's what Americans should know about the payment-card system that's used by the rest of the world — and that will be used here soon enough.
How do chip-and-PIN cards work?
Like magnetic-stripe credit cards, chip-and-PIN cards can be used in person at a point-of-sale (POS) terminal, online or over the telephone. To make an in-store purchase, chip-and-PIN cardholders insert their cards into a point-of-sale terminal and leave it in place throughout the entire transaction.
Once the card is read, cardholders enter a PIN number to authenticate the transaction. The main difference between this method of payment and the older, magnetic-stripe method is that users do not need to provide their signature to complete the transaction. As when making a debit-card purchase, a user's PIN serves as his or her "digital signature."
Chip-and-PIN cards can also be used online or over the phone. Depending on the card provider, virtual transactions will either require users to enter the three-digit security code on the back of their card or a secure password provided by their credit card company.
It's unlikely that a user's PIN will be required to make a purchase online or via telephone, at least not immediately after the EMV standard is implemented in the U.S. (In parts of Europe, banks issue USB-connected chip-and-PIN reader to consumers for online shopping.)
Are chip-and-PIN cards safer than magnetic-stripe cards?
The short answer to this question is yes. Chip-and-PIN cards are inherently safer than magnetic-stripe credit cards because they rely on a two-factor authentication process. In other words, someone using a chip-and-PIN card must (1) be in possession of the credit card and (2) be in possession of the PIN number that verifies that credit card. This is similar to the two-factor authentication system used for ATM transactions in the United States.
Chip-and-PIN cards are also safer for consumers because they are not susceptible to "skimming" scams.
Skimming scams are a common problem with magnetic-stripe cards and involve a criminal illegally recording a person's credit card information by rigging credit card readers. The criminal can then use the victim's credit card information to "clone" a new magnetic-stripe credit card.
EMV cards cannot be cloned, as each embedded chip is uniquely encrypted for a specific card.
It should be noted, however, that chip-and-PIN cards are still vulnerable to card-not-present fraud (i.e. fraud committed via the Internet or telephone). Several countries have seen Internet-related fraudulent card use rise after the implementation of chip-and-PIN systems.
If chip-and-PIN cards are safer, then why has the United States been so slow to adopt them?
Several factors have contributed to the slow adoption of the EMV standard in the United States. For one thing, both merchants and credit-card companies have been hesitant to bear the cost of supplying cardholders with new credit cards and to deploy new credit-card terminals.
These same entities also remain skeptical as to whether U.S. consumers themselves are ready for the switch to a new system. Consumers are thought to have little demand for EMV cards, as end users in the U.S. are almost never responsible for fraudulent charges resulting from stolen cards. (That policy regarding consumer liability may change with the implementation of EMV cards.)
In the late 1990s, when the EMV standard was formulated, Europe did not have a continent-wide payment network in place able to immediately verify all payment-card transactions, and EMV cards were a solution that would verify cards on site without a merchant having to dial a remote server.
North America did have a continent-wide payment network, with a resulting lower rate of fraud, and hence had no need for immediate on-site verification.
However, in recent years many U.S. banks and credit card issuers — including Wells Fargo, JP Morgan Chase, American Express, Discover, MasterCard and Visa — have committed to making the switch to chip-and-PIN a priority.
Some technology experts believe that, instead of adopting the EMV standard, American credit card companies may commit to developing the near-field communication (NFC) standard for new credit cards.
Using NFC, a form of short-range radio signal, instead of EMV would mean that Americans could forgo credit cards altogether and instead make payments using their smartphones or other mobile devices.
0 comments:
Post a Comment