If you’ve received a new credit card within the past year, chances are you’ve noticed some subtle changes to how you purchase things in stores. Instead of “swiping” your credit card, merchants are asking you to insert it into a slot (sometimes known as “dipping”).
Welcome to a smart new security device: the EMV chip. But what is this chip? Where did it come from and why do we need it?
The acronym EMV stands for its creators: Europay, Mastercard, and Visa, three companies that came together in 1993 to set technical standards for payment cards that rely on integrated circuits rather than magnetic strips to store important payment information.
Ever since credit cards entered the mainstream during the mid 20th-century, the magnetic strip has been the de facto standard for storing payment information. But because data on the strip itself is static, meaning the information never changes, it became easy for thieves to capture and reproduce.
“[EMV] technology makes it harder for thieves to steal data because each use of the card creates a unique transaction code generated by the card reader,” said Alex Matjanec, CEO of MyBankTracker. “The code cannot be duplicated remotely or stolen using a phony swipe device, tactics favored by scammers with magnetic cards.”
Every time you use an EMV card with a payment terminal (i.e. the device where you enter your PIN or signature), the small chip on your card initiates a dialogue between the store you’re visiting and the financial institution that issued your credit card.
These additional encryption techniques make EMV cards inherently safer than their magnetic strip predecessors, but also increase the time it takes to finish your purchase. Customers have complained of wait times as long as 15 seconds per transaction, which can add up quickly if you’re standing in a long grocery line.
“It takes a bit longer because of the unique code that is generated for each transaction made,” said Don Bush, VP of Marketing at fraud prevention company Kount. “Transaction times will take longer if a terminal has not been configured efficiently or aligned with the cards it’s transacting with. As merchants and consumers get used to this new process, we anticipate the transaction time will likely decrease.”
Many of those merchants are moving over to EMV-enabled points-of-sale because of the fraud “liability shift” that occurred October 1st, 2015. In the event of a credit card-related data breach, liability for damages no longer falls on the issuing banks. Instead, businesses that have not upgraded to EMV terminals will be responsible for fraud that occurs on an EMV-ready credit card.
"Consumers need to be wary of any store that forces them to swipe their card as opposed to dipping the chip — old terminals will be even more susceptible to hacking until they're upgraded," said Sean McQuay, a credit card expert at personal finance site NerdWallet, in an interview with ABC News.
The physical shift to EMV is not without its costs: Payments Policy Group and the Chicago Federal Reserve point out that merchants will spend an estimated $200-$1000 to upgrade each of their payment terminals.
Likewise, banks will have to stomach a bulk of the costs associated with producing cards with EMV chips. According to Bloomberg, costs will rise from 50¢ to about $2.20 to make each card, increasing their annual production costs by about $1.7 billion.
We can partly attribute the slow adoption of EMV in the United States to costs associated with the transition, since merchants and financial institutions are traditionally hesitant to go through with sweeping technology upgrades that cut into their profit margins.
Europe, on the other hand, adopted the liability shift in 2005. Transaction processing in Europe at that time had been exceptionally vulnerable to hacking leading up to 2005 due to less efficient technology compared to the U.S.
However, once Europeans began using EMV cards with greater frequency, hackers had less success in Europe and refocused their efforts to the U.S., where magnetic strips were still very vulnerable. This is why we saw much more high profile data breaches at places like Target, P.F. Chang’s, and Home Depot in recent years.
The transition to EMV cards will not happen overnight. But as the years go on, expect to see this new technology in the wallets of nearly every consumer in the U.S.
Author: Terry Murray, Head of Prepaid Operations