The Truth About Chip & PIN Technology

Jun 10, 2014 1:41 PM  By

chip & pinA major change in payment technology is coming that impacts every major retailer and credit and debit card provider in the U.S. In less than 18 months, all U.S. merchants and card providers will make the switch to EMV payments—a term coined in honor of its creators, Europay, MasterCard and Visa.

For retailers and card providers, there are several important issues to consider regarding EMV technology ahead of the October 2015 deadline.

Lack of PIN Authentication

Although many people in the retail and payments industry mistakenly refer to EMV payment technology as “chip & pin,” the more accurate term is “chip & signature.” This is because in the U.S., EMV technology will most likely rely on signature authentication instead of PIN authentication. And while security data will be stored inside EMV cards through an embedded chip, shoppers will not need to submit their PIN to complete a transaction.

Enhanced In-Store Payment Security

The embedded chip technology in EMV payment cards will dramatically increase in-store payment security. Prior to the rollout of this technology, the U.S.’s 1.2 billion credit and debit cards relied on antiquated magnetic strips with lax security controls and ample opportunity for fraud. In addition to banks inserting embedded chip technology into every major credit and debit card, retailers will be required to upgrade all in-store, point-of-sale card readers before the October 2015 deadline.

Online Fraud Will Increase

While in-store payment security will significantly improve as a result of the switch to EMV technology, online fraud is actually expected to increase thanks to this change. The U.S. rollout of EMV payments relies on signature authentication and does not incorporate any meaningful changes to online payment security. Unfortunately, this will cause fraudsters to shift their focus on a less secure payment medium—e-commerce.

This is consistent with other countries that have adopted EMV payment technology. When Europe made the switch to EMV, online fraud increased 21 percent according to data from Financial Fraud Action U.K.

Retailers and Card Providers Will Be Held Liable

After the deadline, banks and retailers that continue to support the magnetic strip debit and credit cards will be liable for any losses or damages resulting from fraud and security breaches. This is a major concern for the vast majority of banks and retailers. According to a new report from Javelin Strategy and Research, only 1.5 percent of cards and 10 percent of sales terminals are ready for EMV technology.

Not only will non-compliant retailers and banks be fully liable for instances of fraud or data breaches, but they will also face significant public backlash and negative publicity similar to Target and Neiman Marcus—both of which recently dealt with damaging security breaches.

To prepare for the sweeping changes EMV payment technology will bring, retailers need to take steps now and safeguard customer data and online payments. By leveraging frictionless, context-based authentication, retailers and payment providers can verify each account login based on fully-anonymized user identity, device usage, geo-location, customer behavior and other factors without compromising an individual’s identity or personal data.

Additionally, retailers can use real-time trust analytics to gain instant analysis of device, location and behavioral context for any authentication attempt. This strategy also keeps user data anonymous and safe by relying on pre-determined identity authentication rules and comparing them against industry benchmarks across the globe. These real-time trust analytics enable merchants and card providers to quickly identify fraud attempts and suspicious user behavior.

By taking steps now to improve online security, retailers and card providers can ensure that online customer data is protected and avoid dangerous fraudsters and hackers that can potentially ruin brand loyalty and sales down the road.

Andreas Baumhof is chief technology officer at ThreatMetrix.