While EMV chip cards are nothing new in other areas of the world, the U.S. has just recently adopted this technology. Since October 2015, the U.S. began undergoing a substantial payment technology development — updating from magnetic stripe (magstripe) cards […]
While EMV chip cards are nothing new in other areas of the world, the U.S. has just recently adopted this technology. Since October 2015, the U.S. began undergoing a substantial payment technology development — updating from magnetic stripe (magstripe) cards to EMV (named for its original programmers, Europay, MasterCard, Visa). This transition is also referred to as the EMV Liability Shift.
However, contrary to other countries around the world who have transitioned to this kind of payment technology, the US didn’t enact a”card chip regulation” to make updating mandatory. As a consequence of this action and non-law, many U.S. merchants have foregone upgrading their payment technologies to accept chip cards leaving them more prone to credit card fraud.
Let us take a look at the difference between a processor card magnetic stripe card and discuss how modern technologies are protecting both merchants and customers.
- 1 What is EMV Duty and Why is it Changing?
- 2 What are the Differences in Chip Card vs. Magnetic Stripe Card Transactions?
- 3 How Chip Cards and Magstripe Cards Store and Transmit Data
- 4 Why Magstripe Cards Can Not Conquer Processor Card Security
- 5 Credit Card Fraud Shifts Too
- 6 EMV vs. NFC
- 7 What Payment Safety Says About Your Brand
What is EMV Duty and Why is it Changing?
As the name of this act suggests, the EMV Liability Shift only changes the liability from one party to another. Contrary to other countries around the world that transitioned this kind of payment technologies, the US didn’t enact a”card processor law” to make updating mandatory. As a consequence of this action and non-law, many U.S. merchants have foregone upgrading their payment technologies to accept chip cards leaving them more prone to credit card fraud.
Before October 2015, the liability, or responsibility for fraudulent card-present transactions generally fell on the card issuer. Following October 2015, the accountability for in-store fraud changes to the party (the merchant, the acquirer, or the issuer) which hasn’t embraced chip technology.
Since the liability change went into effect, merchants with no capability to process EMV chip card transactions may have undergone chip card chargebacks. Cardholders initiate the chargeback process when they contact their issuing banks to challenge charges on their accounts.
Merchants with EMV-compliant technology might have the ability to dispute the claim that the cardholder was the man who made the purchase. However, merchants without chip card processing capacities do not have many options other than to repay the amount of the transaction. Also, merchants will confront chargeback fees and might also need to pay EMV non-compliance fees when they process a fraudulent chip card transaction.
For the first time, merchants are responsible for covering fraudulent charges — not the issuer. So for small business owners, too much fraud could spell financial ruin your company.
What are the Differences in Chip Card vs. Magnetic Stripe Card Transactions?
For customers, the most noticeable difference when it comes to chip cards versus magnetic stripe cards is the way they use them during transactions. With magstripe cards, you swipe. With EMV chip cards, you dip.
- A magnetic stripe card transaction
A magstripe transaction starts with a quick swipe of the card through a card reader. The payment terminal then sends an authorization request to the parties in the payment chain (generally the acquirer, payment processor, and issuing bank). If approved, the terminal may request a PIN or client signature to confirm and complete the transaction.
- An EMV transaction
An EMV transaction begins when the user inserts, or drops, the card into a processor card payment terminal, where it remains throughout the whole transaction. The payment terminal then sends an authorization request to the parties in the payment chain — like a magstripe transaction.
The card will authenticate data and ask the terminal to authorize the transaction. The terminal requests authorization and receives a response — and that is the point once the customer can get rid of the chip card by the EMV chip card reader.
1 thing customers seemingly took note of was the quantity of time it took to process a processor card transaction. For an impatient nation that was used to pulling their credit card from their pocket, creating a fast swipe and immediately putting it back into their pocket, the few additional seconds it took to leave the card in the payment terminal felt like an eternity.
For business owners, the issue was that impatient customers that are accustomed to swiping, would not be patient enough to leave their cards in EMV terminals for authorizations — or they would forget their cards at the terminals. But, EMV transactions are becoming quicker through new”rapid chip” technologies, and dipping cards have become second nature for most consumers.
How Chip Cards and Magstripe Cards Store and Transmit Data
What may be less evident to both customers and merchants is how these two very different kinds of transactions communicate and transmit information.
A magstripe card receives its title from the magnetic stripe across the back of the card. This”stripe” is encoded with sensitive payment card information like the complete PAN (personal account number), expiration date, and account holder name among other items.
The magnetic stripe includes minute magnetic particles which may be oriented in various directions to write data on the card. Magstripe information is static, meaning when the information is loaded on the magstripe, it will not change. If this readable card information falls into malicious hands, it can be easily replicated to make a new card.
On the other hand, an EMV card comprises a computer microchip that stores payment card information. The processor also produces a distinctive, one-time-use cryptogram for every transaction to make it more secure than a magstripe card.
If a counterfeiter gets a hold of numbers from an EMV card, possibly as soon as the magstripe was used rather than the processor, the cloned card wouldn’t have the capability to make the exceptional cryptogram needed to get a card gift EMV transaction, so the card will be diminished.
Merchants should think about procuring their entire payment ecosystems with encryption and tokenization.
- Encryption changes information in readable format into an encoded variant that only the issuing bank can decode. When a hacker stole encrypted data, they would not have the ability to get any value from it.
- Tokenization replaces card information using a unique”token” that reflects data the legitimate players in the payment ecosystem desire but might mean nothing to an external party that steals it.
Why Magstripe Cards Can Not Conquer Processor Card Security
Combatting card fraud is the main reason that card networks pioneered the change to EMV technology. Magnetic stripe credit cards and debit cards are vulnerable to a fraudulent practice known as”skimming.” When a merchant’s card reader can read static data in the rear of a magstripe card, thieves can use a device known as a card skimmer to do the same.
Card skimmers are small, cheap devices positioned over valid card readers and largely found in self-service environments such as ATMs or gasoline stations. For transactions that require a PIN, a few highly-skilled offenders will also use a very small camera which records the cardholder punching from the PIN on the keypad.
The skimmer and the camera provides the burglar everything they need to make counterfeit cards that draw from the victim’s account.
The microchip in an EMV card is a lot more challenging and less financially possible to duplicate due to the complex and expensive technology required.
Visa reports that counterfeit card fraud has decreased 76 percent for merchants who have upgraded to chip card technology.
Credit Card Fraud Shifts Too
Although card-present fraud diminished with the adoption of EMV, card-not-present (CNP) fraud is increasing. Javelin Strategy & Research reports that CNP fraud increased 1 percent from 2.4 to 3.4 in 2016 — one year after the U.S. transition to EMV.
However, because a PaymentsSource article points out, we can not blame EMV entirely. The growth of internet fraud may also be attributed to hackers increasing their action as ecommerce sales continue to surge.
EMV vs. NFC
Payment terminals, including EMV chip card readers, can also support contactless payments using near-field communication (NFC) technology. Customers only need to wave the card close to the terminal to communicate protected payment information to the merchant’s POS terminal.
Instead of the physical card, clients also have the choice of utilizing their EMV cards through an NFC mobile wallet such as Apple Pay, Android Pay, and Samsung Pay to create mobile payments. Having an NFC mobile wallet, clients wave their phone close to the payment terminal rather than the actual card.
However, in this scenario, the telephone, not the EMV chip, provide security, such as encryption and tokenization to maintain card data safe.
When a client opts to make a contactless EMV payment, transaction processing is very similar to when a customer inserts the card, and sometimes, such as large transaction amounts, the issuing bank may ask that the card is inserted for a contact EMV payment.
What Payment Safety Says About Your Brand
As time passes, more customers are taking EMV cards in their pockets and getting familiar with how to use them and educated about the additional security they provide. Some customers may start to wonder why you do not take them in light of their fraud protection EMV provides.
EMV chip cards are getting to be the new normal. A big risk a merchant takes
By not updating to EMV technology is allowing customers to see your company as one that does not take the security of the payment card accounts seriously.
Consider your brand image, in addition to how both kinds of cards are used and processed along with the amount of security each provides: From the processor card magnetic stripe card showdown, the greater option for you and your clients is apparent.
►►► ConnectPOS is a cloud-based POS software compatible with multiple platforms including Magento, Shopify & Shopify Plus, and BigCommerce.