This system has a number of security flaws, including the ability to steal a card in the post[citation needed], or to learn to forge the signature on the card. More recently[clarification needed], technology has become available on the black market for both reading and writing the magnetic stripes, making cards easy to clone and use without the owner's knowledge.
Some US banks are now issuing Chip and PIN cards for their more affluent, frequent-travel customers. However, even though these credit cards have chips on board, many are in fact Chip and Signature cards;[1] as they require verification with a signature instead of an encoded PIN.
To solve this, banks and retailers are replacing traditional magnetic stripe equipment with smartcard technology, where credit and debit cards contain an embedded microchip and are authenticated automatically using a personal identification number (PIN). When a customer wishes to pay for goods using this system, the card is placed into a "Point of Sale" (POS) terminal, which connects to the chip on the card. To complete the transaction, the customer enters a PIN. When the POS terminal is connected to the network, the authenticity of the card and chip can be confirmed, along with the PIN, with the bank servers. If the POS terminal is not connected to the network, the chip can confirm to the terminal if PIN was entered correctly.
France has cut card fraud by more than 80% since its introduction in 1992 (see: Carte Bleue).
Chip and PIN is the name given to the initiative in the UK; other countries are launching their own systems based on the EMV standard, which is a group effort between Europay, MasterCard and Visa Inc.
More......
SAN FRANCISCO — That authoritative sstpp sound that comes from swiping a credit card through a reader is going away, to be replaced with the snick-snick of a card dip. It's the aural confirmation that after decades, the United States is entering the 21st century and finally embracing chip and PIN cards.
And that, in turn, means headaches but also, hopefully, security for millions of small businesses.
The new cards encode the user's account information not in the magnetic stripe along the card's back, but in a computer chip embedded in it. The chip generates a unique, one-time code for each sale.
"When chip data is stored in a merchant's system, that data cannot be used to create counterfeit cards," said Stephanie Ericksen, vice president of risk products for Visa.
"That makes merchants less of a target for criminals, because once they've mostly got chip data, there's not a lot the fraudsters can do with it," she said.
The PIN part of "chip and PIN" is something of a misnomer. In the rest of the world, when people buy with a credit card they dip their card in the reader and then input a Personal Identification Number, or PIN, much as Americas do when we use cash machines.
Here, most banks are issuing cards that allow a signature, rather than a PIN, as confirmation. Some banks are requiring PINs right away. Eventually it's expected all will.
The actual name for the new card system is EMV, for Europay, MasterCard and Visa standards. Though most people seem to be settling on "chip cards" as shorthand.
According to a report by the Federal Reserve Bank of Kansas City, Mo., the chip cards could reduce credit card fraud by 40% in the United States.
But getting to that happy day will require money, work and expense on merchants' part. And there's a deadline.
Currently, credit card companies and banks bear the liability for fraudulent purchases on credit cards. But beginning in October, merchants who haven't switched to readers that can take the new cards will be liable for fraud if there's a problem.
Though if your bank and credit union hasn't issued you one, they, not the customer or the merchant, are still liable.
Merchants aren't required to make the switch, but the cards are coming and they need to be prepared. While new cards will still have magnetic stripes, businesses are being encouraged to shift over quickly.
That means buying new credit card machines and software capable of reading both chip cards and magnetic stripe cards.
"It's not going to be without cost," said Todd McCracken, president and CEO of the National Small Business Association. "Depending on the size of the establishment, replacing all their card machines is going to cost a pretty penny."
About 30% of credit card terminals on the market today already have the hardware necessary to accept chip cards, though they don't necessarily have the right software, said Visa's Ericksen.
Credit card companies plan to spend the first part of the year in an all-out push to get companies to upgrade.
For example, American Express will begin offering $100 in reimbursement to small merchants that switch to the chip card readers in February.
"We've allocated up to $10 million for upgrades," said Anré Williams, president of global merchant services at American Express.
The idea is to give merchants encouragement to make the shift, knowing that, "they're busy; they've got a lot of things going on," Williams said.
Sooner will be better than later because security experts are predicting a wave of data breaches as the window is "closing for hackers to easily profit from point-of-sale attacks on brick-and-mortar retailers," according to Experian's 2015 Data Breach Industry Forecast.
The biggest question for McCracken, with the National Small Business Association, is whether the savings on fraudulent charges the credit card companies will see end up being translated into lower rates for merchants.
"They've been telling us for years that the reason small businesses pay such high fees for taking credit cards is fraud," he said.
If the liability is moving to the merchant, and if the new chip cards are so much more security in the first place, the credit card fees small merchants pay should go down. Those typically run between 0.5% and 2% per transaction.
Remember Oct 15, 2015!!!!
No comments:
Post a Comment