Skip to content

Recent News

EMV Chip Technology – What is it?

Tamara here with the AllClear Investigators.  It’s hard to find anyone nowadays that has not had fraudulent charges on their credit or debit card. It can happen a number of ways, whether the card was skimmed, the number compromised in a breach, physically stolen, provided to a scam artist, or obtained online as a result of malicious software. Per the Federal Trade Commission and the Consumer Sentinel Network Report, 8.1% of complaints filed involved existing account fraud at banks and for credit cards in 2011. Though that is a 1.4% decline from the previous year, it is still an issue which needs to be addressed.

One route card issuers are taking to help combat this type of theft is the implementation of EMV chip cards. EMV stands for Europay, MasterCard, and Visa. An EMV card would help ensure secure transactions with dynamic authentication and chip technology. Let’s take a look at these.

Dynamic authentication uses cryptography (or other means) to create a one-time use authenticator, which changes with each transaction. Essentially, a different seal for each charge is created and verified. This is helpful in reducing fraud by limiting a thief’s ability to duplicate the authenticator.

For chip technology, the card is inserted to an acceptance device and initiates contact and exchanges data with the terminal. Another form of chip card technology is where the card is waved over a reader, communicating via radio frequency. Additionally, the cardholder verification is secured by the chip when the correct PIN (Personal Identification Number) is entered.

The chip itself will help to reduce fraud due to the fact that the information cannot be skimmed. Magnetic strip cards are easily skimmed with the cardholder being unaware, until the victim discovers the fraudulent charges.

That being said, EMV transactions are still vulnerable to “man in the middle” attacks. Put simply, the stolen card is inserted into a “man-in-the-middle” device then used as usual. The criminal can enter any PIN and the device will randomly generate the authentication seal and confirm the PIN, authorizing the transaction. Though the PIN was not correct (they could enter something as simple as 0000), it is reflected on both ends as being so. A larger down side of this is, because records will show a “correct” PIN was entered, it can make it difficult to dispute the charges.

Though cards have been issued worldwide – over 750 million – they are slowly migrating to the United States. Be sure to inquire about EMV technology and whether or not your financial institution is planning on implementing this new technology.

 

Note: For clarity edits were made on 11/5/2012 to the following parts of this blog post:

– Sentence: This is helpful to reduce fraud due to the reduction of duplicity. Changed to: This is helpful in reducing fraud by limiting a thief’s ability to duplicate the authenticator.

– Sentence: For chip technology, the card is inserted to an acceptance device and imitates contact and exchanges data with the terminal.  Changed to: For chip technology, the card is inserted to an acceptance device and initiates contact and exchanges data with the terminal.

Comments

  1. I really want to understand this technology and what cards currently use it but this article didn’t quite help me enough. How about adding a diagram or illustrate a usage scenario (similar to a USA Today or CNN diagram)?

    BTW, I’m not sure why this section is entitled “Leave a Reply” and the button is “Submit Comment”. Also, I think you mean “initiates contact” instead of “imitates contact”.

    1. Thanks Paul – we did find a few typos in the blog that we’re updating! As for the request for more info, the Investigators will get back to you with more in the next few days. Thanks, Kirsten

  2. Interesting article on EMV. I recently watched a video (you Tube) of a former fraudster who now helps law enforcement determine ways to fight fraud and identity theft scams. He showed how easy it is for a fraudster to take a scanner (similar to those used by merchants to scan the chips at point of transaction) to obtain all the card information necessary to perform purchase transactions successfully. They accomplished this at an airport by holding the scanner close to people’s baggage and back pockets, where they keep their wallets. Have you seen or heard of this? If so, can you please comment on it? I’m interested in the safety of these EMV cards, given this video. I have several credit and debit cards with this technology. Thank you!

    1. Mark, thanks for the questions. We’ll send to the Investigators and get back to you with more in the next few days. Thanks, Kirsten

      1. Mark,

        Investigator Tamara shared this response to your questions:
        It sounds like you saw a video about RFID technology. RFID credit cards can be scanned remotely unless you have a wallet or protective case to block these kinds of attacks. Stewart/Stand is one company that makes wallets that block RFID scanners: http://www.stewartstand.com/pages/rfid-blocking.

        The difference is that EMV cards don’t use RFID technology, and EMV cards only work when they are very close to the payment terminal. Cardratings.com has a pretty simple Q&A of true and false things about EMV here: http://www.cardratings.com/chip-pin-emv-rfid-credit-cards-myths-urban-legends.html

        Though it has been shown that there is a vulnerability with EMV Smart Cards, it seems easy to protect against. According to a study reported on by Consumer Reports “Researchers at the University of Cambridge in February 2010 uncovered a vulnerability in EMV smart cards that could allow a criminal armed with certain electronic equipment to make a purchase using a stolen smart card without having the correct PIN, though Gartner’s Litan says that attack method would be relatively easy to guard against.” Source: http://www.consumerreports.org/cro/magazine-archive/2011/june/money/credit-card-fraud/overview/index.htm

Leave a Reply

Your email address will not be published. Required fields are marked *

[wds_resources_posts hide_posted_on="" featured_posts_only="" ignore_post="8339" hide_featured_image="" tag_location="below_title" post_type="post" term_comparision="ALL" resource_cat="" resource_tag="" post_cat="" post_tag="" heading="Recent News" subheading=""]

Recent News

CAN-SPAM Gives Email a Makeover

In today’s digital world, email is one of the main ways we contact each other. 14 years ago, Congress signed a set of rules called the CAN-SPAM Act designed to protect consumer privacy and limit the amount and type of unsolicited marketing messages they receive.