Those tiny new chips embedded in your credit cards promise to make it tougher for thieves to steal your data. But before the technology — known as EMV — is fully adopted, and probably for a long time after the transition begins in the fall, credit card fraud seems certain to rise.
An upcoming change in responsibility for paying for credit card fraud provides a strong incentive for card issuers and merchants to adopt EMV technology. This change is meant to reduce credit card fraud, but a new study by NerdWallet concludes that the opposite is likely to occur, at least at first.
Here’s more about EMV, its limitations and how to protect yourself from fraud.
What EMV is and how it works
A credit card with an EMV chip — indicated by the chip’s silver or gold foil covering on the front of the card — is more secure than a traditional magnetic stripe card. (EMV stands for Europay, MasterCard, and Visa, the three companies that created the standard.) While magnetic stripe cards contain static payment data that can be “skimmed” from one card and put onto a counterfeit card, EMV technology adds a bit of sophistication to the payment process.
“EMV chips create a unique payment code with every use, so if a fraudster was able to steal those payment credentials, they’d be worthless for any other purchase,” says Sean McQuay, NerdWallet’s credit card expert and former Visa strategy analyst.
As more merchants install new EMV-ready terminals, card skimming will concentrate on terminals that still use the old-fashioned swipe. “That’s why I caution consumers to be extremely wary any time they need to swipe a card after this fall,” McQuay says.
But as good as the technology is, EMV won’t solve all of our card security problems.
The limitations of EMV technology
Currently, responsibility for credit card fraud is borne mostly by card issuers. Starting in October, that responsibility will switch to whichever party to a transaction — issuer or merchant — isn’t using EMV technology, a change known as the “liability shift.” And while this shift gives both parties a lot of incentive to adopt the technology, EMV compliance is not required. Both parties need to upgrade to keep payments secure.
“EMV is a powerful tool, but it’s only effective if both consumers and merchants are ready to use it for transactions. Consumers need chip cards, and merchants need chip readers,” McQuay says. “If only one side has upgraded to EMV for a specific transaction, then the upgrade was a waste.”
With the adoption of EMV technology for in-person transactions, fraud is expected to migrate to transactions where the physical card doesn’t need to be present, such as for purchases by phone or online.
In the United Kingdom, for example, counterfeit fraud rates temporarily spiked and “card-not-present” fraud has continued to increase since EMV adoption in 2005. Card-not-present fraud in the U.K. rose 120% from 2004 to 2014. This same trend is likely to be seen in the U.S. after EMV technology is widely integrated.
Protecting yourself from fraud
It’s important to learn how to use your card’s chip to keep your transactions safe. The new terminals are really simple: Insert your card into the payment terminal chip-first. Leave it there and follow the terminal’s prompts. Remove the card when the receipt starts printing.
After October, try to buy only from brick-and-mortar merchants that have upgraded to EMV terminals. It’s likely that fraudsters will increasingly target merchants without EMV technology at this time.
Online shopping security won’t be improved by EMV technology, so stay vigilant.
“EMV chips are only useful in the real world — when you physically dip your chip-ready card into a chip-ready reader,” McQuay says. “For online purchases, it’s still entirely up to you and the online merchant to protect the card data you key in manually.”
To lower your chances of online fraud, avoid shopping on unfamiliar or unsecure websites. Secure sites will have “https” at the beginning of the payment page’s URL, rather than “http.” If you have card information stored at any online retailers, change passwords for those sites regularly. And avoid sending credit card information via email or social media.
The bottom line
While EMV technology will likely lessen counterfeit fraud, the upcoming liability shift in the U.S. may result in an indefinite increase in fraud in online shopping and other card-not-present transactions. So keep your data secure by learning how to use an EMV chip for in-person purchases. And take steps to prevent online fraud by shopping only through secure sites and not sharing your credit card data.
Images via iStock.