BankThink

EMV Cards: the Beginning of the End for Hackers

Protecting consumer data is the payments industry's highest priority. Numerous data breaches have made clear that Americans' personal information is vulnerable to criminals. Today, payments networks along with financial institutions and merchants are implementing protections that address consumers' concerns about data security.

An important first step in this security upgrade is the transition to more secure chip or EMV cards. Starting Oct. 1, chip cards will be replacing the 1.2 billion magnetic-stripe cards in American wallets and eight million merchants will begin updating their checkout lanes to accept the new cards. EMV cards, which are widely deployed elsewhere in the world, offer a significant advancement in the security of retail transactions.

And yet, recent media attention has focused on disagreements over whether consumers should be required to use a PIN in EMV transactions. One retail trade group argued that rolling out chip cards without PIN requirements gives the U.S. "the weakest card security in the world."

This debate is a distraction from the important work being done by the entire industry to fight cybercrime. Although those arguing for a PIN requirement are correct that chip card rollouts outside of the U.S. required PINs, the chip technology infrastructure in the U.S. does not require a PIN to prevent counterfeit card use. The chip cards do that with or without a PIN.

Moreover, let's remember why chip and PIN went hand in hand outside of the U.S. Early EMV implementation came at a time when telecommunications infrastructure in Europe was spotty and merchants could not connect their payment terminals to the card networks. That meant the handheld terminal that a waiter in Paris brought to your table was not connected to the network. The card transaction was authorized "offline" using a PIN as well as the card because the terminal couldn't talk to the network in real time.

In the U.S., on the other hand, we have a ubiquitous telecommunications infrastructure that allows every merchant to connect their credit card terminals to the network to authorize transactions with their customer's bank. The chip card then generates a dynamic security code that is verified by the network, which prevents criminals from producing a counterfeit card.

All this means that consumers who already use a PIN today will still use a PIN with new chip cards. But it is not true that the crime-fighting capability of the chip in our new cards will be diminished without a mandatory PIN.

On a broader level, it's also important to note that while EMV cards are a step in the right direction, they can't stop online fraud. Online fraud currently accounts for 50% of all fraud in the U.S., according to Visa. That number is likely to increase as the EMV system blocks criminals from committing counterfeit fraud, forcing them to shift to other tactics.

To address this threat, the payments industry is deploying new, cutting-edge technologies that along with EMV present a multilayered defense of our complex networks. Tokenization can prevent future data breaches by replacing account information with single-use tokens that cannot be intercepted. Encryption technology allows retailers to secure all points of entry into systems that store financial information.

The American public deserves our best efforts to counter increasingly sophisticated cyber-threats. The transition to EMV cards is only the beginning.

Jason Oxman is the CEO of the Electronic Transactions Association, a global trade association representing more than 550 payments and technology companies.

For reprint and licensing requests for this article, click here.
Bank technology Consumer banking Data breaches Credit cards
MORE FROM AMERICAN BANKER