In today’s digital world, email is one of the main ways we contact each other. 14 years ago, Congress signed a set of rules called the CAN-SPAM Act designed to protect consumer privacy and limit the amount and type of unsolicited marketing messages they receive.
EMV Chip Technology – What is it?
Tamara here with the AllClear Investigators. It’s hard to find anyone nowadays that has not had fraudulent charges on their credit or debit card. It can happen a number of ways, whether the card was skimmed, the number compromised in a breach, physically stolen, provided to a scam artist, or obtained online as a result of malicious software. Per the Federal Trade Commission and the Consumer Sentinel Network Report, 8.1% of complaints filed involved existing account fraud at banks and for credit cards in 2011. Though that is a 1.4% decline from the previous year, it is still an issue which needs to be addressed.
One route card issuers are taking to help combat this type of theft is the implementation of EMV chip cards. EMV stands for Europay, MasterCard, and Visa. An EMV card would help ensure secure transactions with dynamic authentication and chip technology. Let’s take a look at these.
Dynamic authentication uses cryptography (or other means) to create a one-time use authenticator, which changes with each transaction. Essentially, a different seal for each charge is created and verified. This is helpful in reducing fraud by limiting a thief’s ability to duplicate the authenticator.
For chip technology, the card is inserted to an acceptance device and initiates contact and exchanges data with the terminal. Another form of chip card technology is where the card is waved over a reader, communicating via radio frequency. Additionally, the cardholder verification is secured by the chip when the correct PIN (Personal Identification Number) is entered.
The chip itself will help to reduce fraud due to the fact that the information cannot be skimmed. Magnetic strip cards are easily skimmed with the cardholder being unaware, until the victim discovers the fraudulent charges.
That being said, EMV transactions are still vulnerable to “man in the middle” attacks. Put simply, the stolen card is inserted into a “man-in-the-middle” device then used as usual. The criminal can enter any PIN and the device will randomly generate the authentication seal and confirm the PIN, authorizing the transaction. Though the PIN was not correct (they could enter something as simple as 0000), it is reflected on both ends as being so. A larger down side of this is, because records will show a “correct” PIN was entered, it can make it difficult to dispute the charges.
Though cards have been issued worldwide – over 750 million – they are slowly migrating to the United States. Be sure to inquire about EMV technology and whether or not your financial institution is planning on implementing this new technology.
Note: For clarity edits were made on 11/5/2012 to the following parts of this blog post:
– Sentence: This is helpful to reduce fraud due to the reduction of duplicity. Changed to: This is helpful in reducing fraud by limiting a thief’s ability to duplicate the authenticator.
– Sentence: For chip technology, the card is inserted to an acceptance device and imitates contact and exchanges data with the terminal. Changed to: For chip technology, the card is inserted to an acceptance device and initiates contact and exchanges data with the terminal.