Chip credit cards – did you know about the deadline?

October 28, 2015
Chip credit cards – did you know about the deadline?

In June 2012 Visa, MaterCard and American Express announced that EMV chip-and-signature technology would be gradually implemented in the U.S. – thus appealing to all the smaller entities involved to develop their capabilities in order to support EMV.

This subject recently gained popularity over the Web because since 1 October 2015 the liability shift for Discover cards, Maestro cards and American Express cards is overdue. All the POS terminals were part of this migration, and the gas stations pay at the pump are to shift by 1 October 2017. All U.S. merchants were expected to make the necessary changes in hardware and software so that EMV cards are supported by their terminals.

The first company to issue EMV cards was the United Nations Federal Credit Union from New York – as announced by Gemalto in May 2010. Gemalto has delivered the first U.S. issued globally compliant EMV card.

Internationally, the first EMV liability shift took place in Europe and South Africa, on 1 January 2005, followed by the Asian/Pacific countries and Africa at 1 January 2006.

What does a chip-enabled card mean?

Chip-enabled cards are also called smart cards, IC cards or chip cards. EMV stands for Europay, Mastercard, Visa initials – it is an acronym. Currently, the EMV trademark belongs to American Express, JCB, Discover, MasterCard, UnionPay, and Visa. This type of cards represents an international technical standard based on an embedded-chip that stores all the necessary data (e.g. cardholder data and verification method), as opposed to the magnetic strip storage.

EMV trademark dates back to 1999 – the current version is v4.3. There are several EMV standard documents issued so far, with the latest specification version dating from November 2011.

The microcomputer processor in the new cards is placed behind a contact plate and protected by a resin layer. When inserted into a card reader, the card exchanges data with the terminal depending on the operations performed. Some of the cards need PIN authorization and others need signature authorization.

The traditional card that is now replaced by this smart card was the so-called “swipe and sign” that we all know and that has been introduced in the 1960s. Fraud and the necessity to operate offline motivated the earlier migration to chip cards in the case of other regions of the world. With fraudulent factors targeting less secured markets, the American market did not feel the need to rush towards the EMV trademark. However, the cyber-attacks are migrating towards the least resistant points, therefore the move to reinforce card security in the U.S. is a precautionary move, since magnetic stripe cards represented a weak entry point.  Although the industry needed time to prepare the shift, some merchandisers have met the deadline, while others are still struggling whit the changes.

Major chip cards benefits

  • Improved security

The most important benefits are the cyber-security ones – EMV offers a better protection against counterfeiting the cards and stealing cardholder data. Combining the chip, PIN and the wireless PIN pads makes it much less likely to have your card cloned than when using a magnetic strip card. Chip and PIN is the most reliable card type (yet it is not mandatory), while chip and signature represents the new standard.

The card itself features a security system designed to resist tampering and protects the stored in-memory information. The chips used for financial cards are the same type used in SIM cards, but have a lower limit, well below the SIM 6 mA limit.

EMV cards also support contactless card reading (NFC – near field communication) and NFC transactions.

Starting with 1 October 2015, if a chip-enabled card’s security is compromised while employing the card on a merchant’s system that has not been adapted to support EMV cards – the entire responsibility falls on the merchant. The liability for fraudulent charges has switched from banks to retailers.

However, the chip card is not infallible when it comes to cyber-security. FBI has issued a warning, in the form of a PSA and then retracted it upon banks’ complaint. The warning concerned the fact that using a PIN with the smart card is highly recommendable as opposed to using a signature in combination with the same card. You my still check here the way the smart card security issue has been approached by the FBI. This ensued a chip debate, in which banks and retailers share different opinions when it comes to EMV cards payment security, per types of cards. While small retailers support chip-and-PIN, bankers support chip-and-signature cards.

  • Global validity of this card type

Other regions on the globe have already implemented this standard beginning with 2005, and the U.S. is only aligning itself with the international card payment standards, making it easier for the cardholders to carry on transactions anywhere in the world, involving any currency. Although the number of traditional cards to be replaced with their modern smart card equivalent is somewhere in the vicinity of hundreds of millions, not all financial institutions are capable of doing this in the given time frame, and they rank credit cards over debit cards when it comes to prioritizing. The transition at the banks’ level is still in progress.

  • Advantages for merchants (underlined in view of motivating the shift at their level): better customer experience, data collection improvement, better fraud detection and lesser data breach potential. In addition, the most important of it all, compliance with the now global EMV standard that allows a considerable reduction in liability in case fraud takes place.

What is the field situation on the chip-enabled card?

We mentioned above the fact that the industry needed time for this major change. The migration roadmap was issued in 2012 by EMVCo, and by the 1 October deadline the percentage of compliant retailers might be still considered unsatisfactory.

A CSO article from 8 October 2015 reported that at least 50 percent (or even 75%) of the merchants have not met the official 1 October deadline. The 2017 expectations do not go over the level of 90 percent.

When focusing on the causes of this lack of action, the article unveiled lack of information among many commercial entities dealing with POS transactions and furthermore the difficulty in supporting the 75 percent quota of the payment system restructuring costs. The time span available for switching to the new procedures are considered insufficient by some merchants.

Also, the consumers’ attitude did not act as an incentive for companies to move on towards the change. Not liable when it comes to card fraudulence, most cardholders do not manifest any interest in taking a stand for the new system.

In addition, many banks chose to go with the “chip and sign” system over the more secure “chip and PIN” one, and because their liability shifted onto the merchants, they are neutral when it comes to pushing the most secure variant of all.

Did you know about the 1 October shift deadline? And if directly concerned, how did you manage the chip card challenges, professionally?

Subscribe to our weekly news digest!

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for subscribing.
We'll be sending you our best soon.
Something went wrong, please try again later