By Cody Crawford
The United States is behind in credit card technology. In 1992, France moved to smart chip card solutions for its citizens, and the rest of the world followed. The U.S. continues to invest in the outdated magnetic stripe technology with vague, distant plans to move to smart cards, or EMV. Recent attacks by hackers have startled the U.S. into putting changes in motion to protect consumers. Target, Neiman Marcus and Sally Beauty Supply have all purportedly been hacked with what seems to be surprising ease in the past three months. Millions of consumers’ card data has been posted for sale online, spurring conversations between banks, merchants and lawmakers.
The technical name for smart cards is EMV. EMV stands for Europay, MasterCard and Visa, who were the companies that initially developed the standard for smart cards used globally today. A card being called “smart” means that instead of having the data sitting on the card, unencrypted, waiting to be read, the smart card data is encrypted on a tiny processor that resides in the plastic of the card. Smart cards have a grid of metal contacts that are powered by the card reader when making a transaction.
Smart cards are more secure due to the encrypted protocol used for transactions. If the card reader does not ask all the right questions, in the right order, in the right amount of time, the transaction fails. Likewise, if the card doesn’t provide the correct information to the reader, the transaction fails. This means a hacker can’t create a fake card using information stolen from a smart card transaction. As soon as a transaction is processed, all the data used in that transaction is out of date and can’t be used for another in the future.
The reason the U.S. hasn’t implemented EMV technology is that it’s expensive. It’s more costly to manufacture smart cards than magnetic stripe cards, and also for merchants to install new machines to read the smart cards. With an increasing number of major companies being hacked, however, something has to change, or people are going to become scared to use their cards at all. In a statement to the Senate Judiciary Committee, a spokesperson for the Consumer Union stated, “The burden is being put on consumers to be vigilant to prevent future fraudulent use of their information.”
MasterCard and Visa have agreed to make the move to smart cards in the U.S. by October 2015. While all merchants will not have new machines installed by that time, this deadline marks what industry professionals are calling a “liability shift.” This means that if a consumer’s card data gets stolen because a merchant does not have the ability to read their smart card, the merchant is liable to repay any funds that are stolen. If the merchant has smart card reading capability, but the consumer’s bank has not given them a smart card, the bank is responsible.
Professionals in the card industry have predicted the U.S. move to smart cards for years, and as more companies are reporting fractures in data security, everyone is coming to a consensus that something needs to be done. Changes being made in the industry are good for the consumer, even though the changes have been propelled by large-scale data thefts. Though all technology is susceptible to security breaches, smart cards are the most advanced technology available in the credit card realm.
Sources:
Cody Crawford holds a degree in software engineering and recently joined the staff of Validity as Director of Digital Innovation.
Great article!