Most credit cards in the U.S. now come with embedded EMV chips. The magstripe presented on older cards was easier to clone, making them prone to fraud and abuse. Even signatures sometimes proved to offer insufficient protection, which is one of the reasons why the major credit cards dropped this verification requirement in 2018.*
In recent years, the payment industry has encouraged customers and businesses to shift from magstripe technology in favor of:
Both are more secure than their legacy magstripe counterparts, but which one offers the most protection from payment fraud?
EMV credit cards come with embedded security chips that are difficult to clone. As such, the original card must be present when initiating in-store purchases. Instead of “swiping” their plastic at the checkout counter, customers can “dip” their EMV cards into the chip reader.
In most countries, authorizing the purchase requires a personal identification number (PIN) that only the user knows. This chip-and-PIN technology exists in the U.S., but some issuers also distribute chip-and-signature cards, too.
Even though the credit card companies no longer require signatures as an authorization step, many merchants (and consumers) still expect it. This means if a criminal were to get his or her hands on a physical EMV credit card enabled with chip-and-signature capability, the criminal may technically be able to authorize fraudulent purchases using a forged signature.
Contactless credit cards leverage near field communication (NFC) technology to establish a wireless connection with the cashier’s credit card reader. The transaction is initiated when the customer taps or waves his or her contactless card over the reader, but for a connection to occur:
The transmission is secure, and since contactless cards are also typically EMV cards, they share the same encryption technology, making it difficult for a thief to create a counterfeit card.
Although because contactless cards don’t necessarily require the user to enter a PIN number, a thief could technically make a purchase if the card got into the wrong hands.
Both payment options are safer than magstripe plastic, but they also both possess security limitations:
Additionally, if your card still has a magstripe on the back, it can still be used to make purchases with legacy readers. A thief could theoretically:
Unless a cashier is properly trained to identify a potential fraud threat, the transaction will go through. The same could hold true if that thief starts with a stolen contactless credit card instead.
Yet, contactless payment technology does have one major advantage over EMV credit cards.
It’s possible to securely “link” credit cards to smartphones or wearable devices — provided they also come with NFC capabilities. This makes it much harder to steal a user’s payment information since:
Payments made through mobile wallets, like Apple Pay® and Google Pay™, on smartphones or wearable technologies can benefit from the most fraud protection. Because legacy, contactless, and EMV credit cards can all be linked to NFC-enabled devices, this may be the safest strategy.
While contactless payments are gaining more popularity, especially in the wake of a pandemic, some of your customers might still prefer using physical credit and debit cards, most of which now come embedded with an EMV chip.
Smart businesses take precautions to help reduce fraud risks within their payment environments. In addition to choosing a PCI-compliant payment processor and upgrading to payment terminals capable of accepting EMV and NFC payments, it’s important that you explore security features such as:
To learn more, schedule a free consultation with our merchant services team today.
The above is provided for information only and should not be relied on for other purposes.
* “Should Small Business Require Receipt Signatures,” Business News Daily, 4 December 2020