Credit Card Security

The US credit card industry uses a magnetic strip on the card and only requires a signature for a transaction.  When a card is not available at the point of sale (POS), the CMV code (three or four digit code on the back of the card) is required.  Over the years, this technology has proven to be very insecure.  Europay, MasterCard and Visa created a new, secure global standard EMV for credit card payment.  The standard was created as a means to accept integrated circuit (IC) chip based payment cards.  Other card companies such as American Express, Discover and others have joined the standard, which also includes protections for purchases made on-line, when the card is not present at the point of sale.  The US is the last country to adopt EMV, and makes up 24% of global credit card transactions and is responsible for 50% of worldwide fraud.

Coming this October, the liability on who is responsible to cover fraudulent transactions will shift from the financial services company (issuing bank) to the merchant (the store/vendor).  The current liability language leaves room for interpretation, but if you are a merchant that accepts credit cards, it is highly recommended you plan on being able to accept EMV cards by October.

Americans who travel overseas have had issues with magnetic stripe cards not being accepted.  The US adoption of the EMV standard will resolve this issue.  The cost for a striped credit card is 25 cents compared the price of a chip card, which is upward of $2.50 each.

In 1995, EMV 2.0 was the first full release of the standard.  The current version of the EMV standard is 4.3, which was released in 2011.

Posted by Jack Gerbs