Why the change and how do they work?
By Robert Nelson
New Chip and Sign Credit Cards
In the US we all know our credit cards are changing, from the old style Swipe and Sign to the New Chip and Sign Credit Cards. The reason for the change is due to the high profile data breaches of retailers computer systems in the last decade leading to customers credit data being stolen and an attempt at reduce credit card fraud.
The old Swipe and Sign cards have been in use in the USA for decades and work by embedding the customers data in the magnetic strip on the back. This strip can be read by any credit card scanner and copied on to a new blank card allowing the fake card to be used just like the original.
The new Chip and sign card is the US version of the Chip and Pin system that has been in use in Europe since the 1990’s. That system was developed by Europay, MasterCard and Visa, these leading credit companies worked together to create a new secure standard for the credit industry based on earlier French research started in 1984. The cards are called EMV Cards after the three companies that developed the system and are credited with reducing credit card fraud in Europe by 67% according to the UK Cards Association.
On the new US Chip and Sign cards the data is stored on a computer chip embedded in the card face. This chip has no power supplied to it until it is plugged into a reader. Once plugged in the reader instead of sending all your credit card data to the merchant it sends a Cryptographic key and a one time code that a hacker can not use to make fraudulent transactions. Once the card is inserted and read the customer will accept the sale by signing on the reader screen.
If you look on the back of your new chipped cards you will see they still have a magnetic strip on the back. This is so you can still use your new card even if the retailer has not yet upgraded to the new EMV readers, they are expensive. Visa, Discover and MasterCard have announced they will hold retailers that have not upgraded their readers liable for any fraudulent transactions using the magnetic strip. Any fraudulent transactions made on EMV equipped readers when a magnetic strip is swiped will still be the banks responsibility
Many consumers have expressed concern that these chips can be scanned by some passing close to them using a scanner like an RFID chip. This is unlikely to happen, these cards use NFC (Near Field Communication) requiring very close contact, only a few centimeters. And even if the chip is scanned the data is encrypted and they will get a lot of meaningless data.
Some retailers have expressed concerns that the US Chip and Sign version is not as safe as the European Chip and Pin system and that we can not compare the them for fraud reduction. They say the card issuers are blurring the line between the systems. The European cards require the user to enter a four digit pin instead of a signature, the pin can be changed frequently where a signature does not.
The facts are that card issuers and retailers are spending millions on the news system and are not ready to increase their cost on the Pin system, the same is true for contactless pay. These changes may still come but they will take far more time.
What we all must remember that no matter what new protections are placed on our credit cards our data can still be at risk. The new Chips will not protect you when used for online transactions and even the Chip and Pin system can have risks. So always make sure your cards are kept safe. Never carry them with you if you do not need them and keep them in a secure place at home. Make sure to shred any important papers, bills and credit card offers before you throw them away.