In view of combating fraud, the payment industry has been undergoing multiple changes. Innovative security measures have been rolling out frequently. Cards embedded with microchips instead of magnetic stripes are considered to be the safest cards endowed with the latest security armada. But are these chips enough to fix fraud issues once for all? It seems that such is not the case in the United States (U.S.) as the correct security measures are not being applied.
Microchips considered as presenting the highest security level yet
It is for a good reason that microchips are replacing magnetic stripe bank cards. Contrary to magnetic stripe cards, cards embedded with chips do not contain sensitive data about the user and support dynamic authentication. It is based on Europay, MasterCard and Visa (EMV) chip technology.
For each transaction, a unique one-time code and encryption are used which makes it difficult or even impossible for fraudsters to copy the data even if they manage to steal it. The magnetic stripe card, on its side, is very easy to reproduce (skimmed), especially when used at Point-of-Sale (POS) devices or in the CNP environment. Visa and MasterCard have urged retailers and banks to switch to this new chip card in the wake of numerous high-profile breaches with magnetic stripe cards.
Compared to other countries in the world, the U.S. remained one of the last industrialized countries to adopt the EMV technology even if it was proven that they were successfully being used in the United Kingdom and Canada and where certain types of fraud were even reduced by 67 percent. EMV technology was first adopted in 1992 in France and today, there are more than one billion chip cards worldwide.
Millions spent for the adoption of this new system
With the advent of chip cards, card issuers have had no other option than to go with the flow. Up to 800 million US dollars have been spent so that new debit and credit cards be distributed to accountholders. Large retailers such as Walmart, Home Depot and Target have had to spend more than 8 billion US dollars to install new adapted card readers.
Fraud is only being shifted and not eliminated
Even if the multiple advantages of the chip cards are recognized and it has been proven that the chip card has drastically reduced fraud, it is equally argued that they are not really helping to combat fraud as fraudsters are only modifying their modus operandi in the country. The type of fraud is simply being shifted instead of being eliminated, according to the Retail Industry Leaders Association in the U.S. On a general note, the level of fraud itself has not been affected so much as fraudsters shifted their focus on non-chip transactions and other products, channels and geographies. For example, they are more on the lookout for debit than credit cards, on card-not-present than card-present systems and cross-border fraud.
PIN versus signature
The principal reason to feed the argument that the chip system remains flawed is that banks and other card issuers are not abiding by the correct secure rules. Instead of issuing the chip and PIN card that have a two-factor authentication, they are issuing chip and signature cards that fraudsters can easily undermine. Indeed, signatures can easily be forged and card readers cannot authenticate them as such.
These are two distinct transaction systems that do not do not present the same security features and consequently, do not necessarily entail the same consequences. Card issuers are being wrong and irresponsible by blurring the demarcation between the two.
PIN remains prone to hacking
However, the chip technology does remain vulnerable to hackers even with the PIN system. Fraudsters can no doubt find new means to crack down PINS.
The card industry does not share this point of view
The card industry defends itself by insisting that PINS and signatures are only additional layers of security that apply in case of theft, and that the true secure system is in the chip itself. Merchants equally argue that if ever fraudsters find a means to clone the chip in EMV card, the absence of PINS and signatures would only give them the green light to perform any transaction while their presence acts like another hurdle.
Related articles published in Cardholders Data security :
- Understanding Point of Sale Malware in cyber crime prevention
- Mobile payment: Paylib extends its services following partnership with BPCE Group
- Tokenization: Securing data with random numbers
- Secure Communication Prevents Eavesdroppers
Image : Shutterstock