Credit Card Security: Spotlight on Current and Future Technology

Posted on May 26th, 2017
Credit Card Security Spotlight

Author: Paul Spiegel

In 2015, credit and debit card fraud in the United States cost banks and merchants $8.5 billion in losses. These losses get passed along to all consumers in the form of higher prices, so it’s an issue that affects everyone. Naturally, the card industry looks for new techniques to help fight some of this fraud.  The “chip card,” (also known as an EMV card), which began to be issued to cardholders with more frequency last year, is one of the newest approaches to tackling card fraud.

A quick glance at your debit or credit card will tell you whether it is a “chip card.” Look for the square gold-colored box near the upper-left of your card.  This is the contact terminal for a computer chip that is embedded within your card.  If you don’t see this box, your card is not yet using this new technology.  While 77% of all cards in the U.S. now have these chips, the industry is still issuing new cards to all cardholders.

To understand how chip-cards help reduce fraud, let’s first review how cards functioned prior to this new technology. On the back of every card, you’ll find a black magnetic strip.  On this strip, card information such as  name and account number, is electronically stored.  When completing a transaction, you  “swipe” your card in a terminal device.  The device gets information from your strip so it can contact the card-issuer for the authorization to complete your transaction.  While this makes transactions very efficient, the  strip is also  easy for criminals to copy. Once copied, these criminals are able to create counterfeit cards that look “electronically” exactly like the original card.  Card issuers and merchants have no easy way to detect that a card is counterfeit or valid.

In the 1980’s, banks and merchants in Europe began experimenting with a new technology embedding computer chips in cards. Known originally by the initials EMV, it was named after three of the founding companies behind its adoption;  EuroPay, MasterCard and VISA.  It is now more commonly known as a chip-card.  This technology began its U.S. introduction in 2012, but really gained speed in 2015 when the card networks changed their rules to encourage adoption by all issuers and merchants.

How does it work? Instead of “swiping” your card, you now insert, or “dip,” your card into a terminal designed to read the chip on your card.  This computer chip uses special algorithms to generate a unique one-time code, giving the merchant and card-issuer a very high degree of confidence that the card is not counterfeit.  Since the code is unique, even if someone were to electronically capture the authorization messages, they could not use that information to create a counterfeit card.

Chip-cards are still being adopted by card issuers and merchants. Among merchants accepting cards, only about 40% have upgraded their terminals to be able to read chip-cards. All chip-cards still have that magnetic strip so transactions can be accepted by merchants not yet upgraded to the new technology.  Those merchants that have upgraded their terminals, though, have seen a significant 43% decrease in counterfeit card losses compared to the previous year.

This reduction in losses is significant for a couple reasons. First, since fraud losses affect the prices we all pay, it is to everyone’s benefit that these types of losses are reduced or prevented.  Merchants do have an additional incentive to adopt this new technology.  Prior to the chip-card, losses associated with counterfeit cards were borne almost entirely by card-issuers and banks. With the migration to chip-cards, there has been a “liability shift” and the losses are borne by the merchant and not the card-issuer.  This creates a powerful incentive for merchants to upgrade their terminals to the newer  chip-card technology.

While this new technology is proving effective at helping prevent some types of fraud, there are still weaknesses that criminals exploit in their attempts to steal from all of us. For instance, while a chip-card can help prevent a counterfeit card from being used at a merchant, it is not effective at preventing fraudulent cards used for telephone or internet-based purchases.  Another weakness is that, while your card may have a chip, it also has that magnetic strip.  It’s not difficult for a criminal to use a hidden card-reader to get information off your magnetic strip, letting him create counterfeit cards for use with internet or telephone purchases.

In order to fight these newly emerging weaknesses, the industry is adopting some unique counter-measures. For instance, MasterCard and VISA have both introduced effective tools to help secure internet-based transactions, known as “Master SecureCode” and “Verified by VISA.”  Using another approach, some issuers are creating cards that use “near field communications” (tiny radio transmitters) to electronically send card information to a merchant’s terminal.  Since the card never leaves the customer’s hand, it’s virtually impossible to steal information from the card’s magnetic strip.  While only about 5% of cards today have this technology, you will see more adoption over the next few years.  In fact, there are already companies selling “radio frequency shields” for your card.  These shields, in which you store your card when not in use, prevent someone near you from picking up your card’s radio broadcast.

What can you do to help prevent card fraud? These simple tips can help prevent or minimize card fraud.

  • Always keep your card in a secure location.
  • Never keep your PIN written on or near your card.
  • Review your account on a regular basis for transactions you don’t recognize.
    • At a minimum, review your monthly statement.
    • Even better, and if available, use your bank’s online or mobile apps to monitor your account on a daily basis.
  • When you see suspicious transactions, notify your bank or card-issuer immediately.
    • Even if the transaction is only for a low amount, report it immediately.
  • Consider using “Master SecureCode” or “Verified by VISA” to help secure your online purchases as well.

Losses associated with card fraud are a problem that affects all of us. Even if you don’t use cards for your own purchases, we all pay higher prices due to these fraud-losses.  Following the tips provided here, and using the new chip-card technology when available, can be effective measures in helping minimize the occurrence of new fraud in the future.

Paul Spiegel serves as Senior Vice President and Senior Operations Manager at Mid Penn Bank. Paul has nearly 40 years of financial services experience and oversees the bank’s deposit operations, retail operations and cash management operations groups. Have questions for Paul about credit card security? Contact him via email or by phone at (717) 896-5363.