Those New Credit Card Chips Known as EMV Won’t Defeat the Data Thieves
New technology could beat fraudsters, but you’ll still be vulnerable.
-- Those tiny new chips embedded in your credit cards promise to make it tougher for thieves to steal your data. But before the technology — known as EMV — is fully adopted and probably for a long time after the transition begins in the fall, credit card fraud seems certain to rise.
In October 2015, changes in who is responsible for paying for credit card fraud will strongly incentivize card issuers and merchants to adopt EMV technology. This change is meant to decrease credit card fraud rates, but according to a new study by NerdWallet, the opposite is likely to occur, at least at first, as criminals head for other ways to commit card fraud.
Here's more about EMV, its limitations and how to protect yourself from fraud.
What EMV is and how it works
A credit card with an EMV chip — which is the small silver or gold chip embedded in the front of the card — is more secure than a traditional magnetic stripe card. (EMV stands for Europay, MasterCard, and Visa, the three companies that originally created the standard.) While magnetic stripe cards have static payment data that can be “skimmed” from one card and put onto another, EMV technology adds a bit of sophistication to the payment process.
“EMV chips creates a unique payment code with every use, so if a fraudster was able to steal those payment credentials, they’d be worthless for any other purchase,” says Sean McQuay, NerdWallet’s credit card expert and former Visa strategy analyst.
As more merchants install these new card-reading terminals, card skimming will quickly migrate to terminals that use the old-fashioned swipe. "That's why I caution consumers to be extremely wary any time they need to swipe a card after this fall,” McQuay said.
But as good as the technology is, EMV won’t solve all of our card security woes.
The limitations of EMV technology
In October, responsibility for credit card fraud switches from issuers only to the party — issuer or merchant — that doesn’t use EMV technology, a change known as the “liability shift.” And while this shift gives both parties a lot of incentive to adopt the technology, it’s not required. Both parties need to upgrade to keep payments secure.
“EMV is a powerful tool, but it’s only effective if both consumers and merchants are ready to use it for transactions. Consumers need chip cards and merchants need chip readers,” McQuay says. “If only one side has upgraded to EMV for a specific transaction, then the upgrade was a waste.”
With the adoption of EMV technology for in-person transactions, fraud is expected to migrate to transactions where the physical card doesn’t need to be present, such as purchases by phone or online. In addition, gas pumps aren't required to adopt the new technology until 2017 because of the costs involved, so they will remain vulnerable.
In the United Kingdom, for example, counterfeit fraud rates temporarily spiked and card-not-present fraud has continued to increase since EMV adoption in 2005. Card-not-present fraud in the UK rose 120 percent between 2004 and 2014, according to Financial Fraud Action's annual fraud study. This same trend is likely to be seen in the U.S. after EMV technology is widely integrated.
How to protect yourself from fraud
It’s important to learn how to use your card’s chip to keep your transactions safe. The new terminals are really simple: Insert your card into the payment terminal chip-first. Leave it there and follow the terminal’s prompts. Remove the card when the receipt starts printing.
After October, try to buy only from brick-and-mortar merchants that have upgraded to EMV terminals. It’s likely that fraudsters will increasingly target merchants without EMV technology at this time.
Online shopping security won’t be improved by EMV technology, so stay vigilant.
“EMV chips are only useful in the real world — when you physically dip your chip-ready card into a chip-ready reader,” McQuay says. “For online purchases, it’s still entirely up to you and the online merchant to protect the card data you key in manually.”
To lower your chances of online fraud, avoid shopping on unfamiliar or unsecure websites. Secure sites will have “https” at the beginning of the payment page’s URL, instead of “http.” If you store your card information with any online retailers, change the passwords regularly. And avoid sending credit card information via email or social media.
The bottom line: While EMV technology will likely lessen counterfeit fraud, the upcoming liability shift in the U.S. may result in an indefinite increase in fraud in online shopping and other card-not-present transactions. So keep your data secure by learning how to use an EMV chip for in-person purchases. And take steps to prevent online fraud by shopping only through secure sites and not sharing your credit card data.
Opinions expressed in this column are solely those of the author.
Erin El Issa is a staff writer at NerdWallet, a personal finance website.