November 13, 2018
New Study: EMV Cards Still Subject to Fraud
Whether you know it or not, you probably have an EMV card in your wallet. EMV cards, named for the joint development with Europay, MasterCard, and Visa, incorporate a computer chip into the physical card.
When scanned using an EMV-capable chip reader, the card generates a unique code for each transaction. Anyone stealing information at the point of sale gets a code that's useless for future transactions – compared to the old magnetic stripe technology that transferred the same information each time. Magnetic stripe information can easily be stolen and counterfeited, while EMV cards are basically counterfeit-proof.
EMV cards were touted as a great defense against credit card fraud. Initial results were promising, as several card issuers reported a 50% drop year-over-year in counterfeit fraud with merchants that switched to EMV card technology. However, a new study by Gemini Advisory determined that 93% of the sixty million payment cards stolen in the last twelve months were EMV-enabled.
How did the EMV card fail so spectacularly? There are two primary reasons – America isn't using the EMV technology to its full potential, and the technology doesn't address all forms of fraud.
We're Not Doing It Right
Most U.S. card issuers have supplied EMV-capable replacement cards to customers. Merchants have not been as quick to upgrade their card readers to EMV-capable models – and even when they do, issues with the software or payment processors may render the reader useless. Most of us have seen chip readers with the reader slot blocked and a handwritten sign telling you to swipe your card instead.
If you swipe the card through the magnetic stripe reader, you've defeated the purpose of EMV technology. Your card is prone to the same fraud risks as any magnetic stripe card.
Most American merchants are also missing an important part of the EMV technology. EVM systems are designed to provide "chip and PIN" transactions, operating like your debit card. You place the card in the chip reader and enter a PIN to complete the transaction. American readers are almost exclusively "chip and signature," where a signature is all that's needed to complete the transaction.
Other countries typically use EMV cards with the original chip-and-PIN technology. That's probably why Gemini Advisory found that the information from 41.6 million U.S. EMV-enabled cards had been stolen over the past year compared to 4.3 million cards throughout the rest of the world.
We'll Take Our Chances
Are we just slow to adopt the technology, or too impatient as a nation to allow the extra few seconds that chip readers require? Those factors are likely eclipsed by the costs. Simple EMV readers are available below $1,000, but retailers that require more complex integrated systems will pay far more for compliant readers.
Thanks to regulatory changes, merchants are now responsible for fraudulent transactions at their stores – with the exception of gas pumps, which have until October 2020 to comply with EMV technology. However, the high cost of EMV-compliant systems have led some merchants to take their chances – assuming they'll pay less in fraud damages than they will for buying and maintaining the EMV system, which will require periodic upgrades.
Those retailers may be right. Credit card fraud is shifting from point-of-sale theft and counterfeiting of physical cards to online credit card fraud.
Fraud From A Distance
Of the sixty million stolen U.S. payment cards last year, Gemini found that three-quarters of the cards were card-present (CP) thefts – stolen during point-of-sale transactions with merchants. However, the percentage of card-not-present (CNP) thefts grew by 14% over the past year.
Gemini found a lower discrepancy between U.S. and worldwide theft of CNP cards – 14.2 million U.S. cards versus 11.3 million for the rest of the world combined. It's easier for online thieves to use an EMV card without having to supply a PIN or other identifying information, negating the rest of the world's improvements in point-of-sale theft.
As online transactions continue to take a greater share of overall sales, EMV technology will have to adapt to gain greater acceptance and full compliance – or be replaced with other forms of security. If you want more credit, check out our list of credit card offers.
The Takeaway
EMV cards may be a step in the right direction, but so far, they have just shifted credit card fraud toward other methods. You must take the same precautions as before.
It's not practical to limit purchases to retailers with chip-and-PIN technology – but you can still take basic preventative steps. Whenever possible, stick with known and trusted retailers, and make sure you are using the correct site for online purchases. Knock-off websites can be very realistic, complete with authentic-looking logos and fonts.
Look for loose or unusual-looking readers on ATMs and gas stations, especially in remote or less secure areas – they may have a skimmer placed over the reader that scans and stores your information.
Store your card information in as few places as possible. It may be inconvenient to enter your card information with every purchase, but that's one less place for criminals to access your data.
Finally, consider applying a credit freeze to your account to prevent fraudulent accounts, and check your credit report regularly for any fraudulent charges on your existing accounts. You can check your credit score and read your credit report for free within minutes by joining MoneyTips.
Don't let EMV cards – or any other security improvement – lure you into such a false sense of security that you ignore the basics.
If you would like to prevent identity theft, join MoneyTips and check out our free Identity Protector tool.
Photo ©iStockphoto.com/ADragan
Advertising Disclosure