10/15/2015: New Credit Card Chip Technology
Maybe you’ve gotten a new credit or debit card in the mail or heard something about the U.S. moving to the “Chip and Signature” or “Chip and PIN” standard. The U.S. is moving toward adopting these standards, and October 1st, 2015, is a major deadline for U.S. payment companies and merchants.
What is Chip and Signature/Chip and PIN?
The Europay, MasterCard, Visa (EMV) standard uses payment cards with a chip and requires either a PIN (Chip and PIN) or a signature (Chip and Signature) to authorize a payment. The chip is a small metal square, typically silver or gold, on the payment card that stores encrypted, dynamic data. After payment approval during a transaction, the data on the chip will change. This is different from the older magnetic strip cards, where the data on the magnetic strip never changed, which made it easy for malicious actors to copy. With the new chips, it will be more much difficult for malicious actors to read the data on the chip and then, because it constantly changes, to counterfeit it.
Chip and Signature/Chip and PIN cards are only new to the United States. Many countries around the world already uses these new technologies because they help to reduce credit card fraud through the use of authentication, verification, and authorization.
- Authenticating a card through its chip helps to prevent counterfeit cards.
- Verifying the card holder through the signature/PIN helps protect against lost or
- Authorization of the transaction indicates that both the merchant and buyer agree
to the transaction.
When you purchase an item using a chip card, the credit card may be swiped, like you are used to, or it may be placed into a slot, placed on a sensor, or waved over the sensor. The merchant will direct you on what to do.
To ensure backwards compatibility with existing payment systems, the magnetic strip will remain on the new payment cards and store static data. During the transition period, this static data can be stolen and used to commit fraud. After the transition period, the magnetic
strips will probably be phased out.
Which is the U.S. using – Chip and Signature or Chip and PIN?
While there is no law that forces credit card companies in the United States to use one or the other, most credit card companies are electing to issue Chip and Signature payment cards to U.S. consumers.
Will this change my online purchases?
No, the change to Chip and Signature should not change how you purchase items online. However, if you are issued a Chip and PIN card, you may need to enter the PIN number to complete the purchase. And as with any new payment card, if you have pre-authorized charges for monthly expenses, such as the gym or an online website, you will need to update your payment card information with the merchant because your account number will change.
Will this change my purchases while traveling overseas?
No, the change to Chip and Signature/Chip and PIN should not change how you purchase items overseas. However, some U.S. citizens are reporting difficulties in using magnetic strip-only credit cards overseas, where Chip and Signature/Chip and PIN has already been implemented.
Why change credit cards?
Malicious actors know how to read the magnetic stripe on the back of magnetic stripe cards and because that information never changes, they can copy it onto a new payment card and fake the card holder’s signature. As long as the real payment card is valid, the fake card will be valid, too. Once there is wide spread adoption of the chip technology, the magnetic stripe will no longer be included on the cards subsequent cards.
If your bank, email account, or social media account sends a“passcode” to your phone when you try to login, you’re already using two-factor authentication. The passcode sent to your phone requires you to have your phone (something you have) and the website’s password (something you know).
What if I’m still the victim of Identity Theft?
Even with the new payment cards you or someone you know may still be the victim of identity theft. If you think you are a victim, file a report with your local police department, and notify the three credit reporting agencies: Equifax, Experian, and Transunion. Also check IdentityTheft.gov, the Federal Trade Commission’s (FTC) website for more resources. It contains free information about recovering from identity theft, as well as information regarding the most current scams and frauds. Complaints may be filed at ftccomplaintassistant.gov.
More information on EMV and the transition is available at: emvconnection.com.
The information provided in the Monthly Security Tips Newsletter is intended to increase the security awareness of an organization’s end users
and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home
computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. This is especially critical if
employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute
this newsletter in whole for educational, non-commercial purposes.
Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant
the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein.
The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.