For years credit card security in
the United States has been on the minds of consumers and companies alike. The
main problem for these security breaches lie with the outdated magnetic
“swiping” strip, which can very easily be stolen and duplicated using simple
card readers. However, as of October 1st, a small chip named the EMV
chip will be installed into all major credit and debit cards. While this may
not be brand new technology, this small chip has the power to improve financial
security across the nation.
The
security in this card comes from 3 different types of protection; card
authentication, transaction authorization, and cardholder verification. The
first step of security is Card Authentication, this is explained best in a
publication by the smartcardalliance.org, which states “Transactions require an
authentic card validated either online by the issuer using a dynamic cryptogram
or offline with the terminal using Static Data Authentication (SDA), Dynamic
Data Authentication (DDA) or Combined DDA with application cryptogram
generation (CDA)”[1].
Second, is transaction authorization, which using systems such as SDA, DDA, and
CDA, the EMV card is able to create different and ever-changing transaction
data that can only be used once. This is vital in the prevention of fraud
because it will make it nearly impossible to duplicate or even uncover previous
transactions that may be on the chip. The last layer of protection, which is
also the one that has been causing immediate problems in the U.S. is, cardholder
verification. As it has been for years with magnetic strips, the EMV chip will
require a signature along with the use of the card. The problem with this is
that a signature is in my opinion useless. Most people imply scribble their
name on a small screen that isn’t even matched up with a previous signature.
The best fix for this, which is being used in other countries around the world,
is to implement a pin that must be provided during each transaction. When
combined the EMV chip would be nearly impossible to duplicate or use without
knowledge of the pin.
Another
problem that may come as a result of this is a lack of technology on the
merchants end. However, the U.S. government has made their stance known by
putting a law into effect that makes any merchant not using an EMV capable
machine liable for any fraud that may occur in their store. This initiative is
pushing merchants to lay out the money and in turn providing more financial
security for themselves and their customers. This newly growing technology has
the potential to greatly decrease or even eliminate the financial dangers that
come with using credit cards. As research continues, their may be countless
other uses for this EMV chip that will make the IT world a safer place.
- [1] http://www.smartcardalliance.org/publications-emv-faq/#q1
- http://www.cio.com/article/2988531/security/emv-deadline-fraud-time-bomb-is-ticking.html
After reading this post, I do agree that EMV chips will provide a safter way for a store or business to process credit card trasactions. This chip is already widely used in Europe and there have been very few problems with it. The fact that the data can only be used once gives the chip great advantage over the normal swipe system we have today.
ReplyDeleteEven though I do see the many advantages associated with the EMV chips, I do see some potential concerns. First, how will the chip help the online shopping industry. In a time where more people shop online than in store, keeping credit cards secure online is a huge issue. From what I can see, the chip will not protect us against fraud online, thus diminishing its overall effectiveness. Another downside of widely implementing the chip system is that it could be costly. All consumers will have to order new credit cards with the chip if they do not own one with a chip. I have experienced this problem when ordering a card with a chip for a trip to Europe; the process was a tad tedious, making the change to the chip system cumbersome. Also, it may be an expensive process for small businesses to switch to the chip system. They would have to purchase all new card readers; if they are unable to, they may go out of business. In my opinion, the potential for small business failure should be considered before we widely implement the EMV chip system into all of our stores.