It seems these days everyone is talking about the chip that's coming—or has already has arrived—to American credit and debit cards starting this year. The tiny metal square embedded in our plastic is supposed to keep our financial information safer, and ward off the kinds of huge retailer breaches that dominated the headlines in 2014. We turned to Stephanie Ericksen, vice president of Risk Products, Visa, Inc., for answers to some of our most burning questions about the changes ahead.
What is EMV technology, and how does it work?
EMV cards—commonly called chip cards—have a little computer chip embedded in the top of the otherwise regular-looking card. The chip provides an extra layer of protection, Ericksen says, by adding a unique code to each transaction. This code can only be used for that particular purchase and can never be re-used. "This feature makes chip card data nearly impossible to be reused by criminals for fraud in a store," she says. So if hackers access the transaction data of a store that only handles EMV payments, all they will see are the codes, not the card numbers themselves, meaning there's nothing useable to skim for unauthorized use.
How do I even use this thing if I'm not swiping?
Instead of swiping, you will now insert your card into the checkout terminal (usually found at the bottom of the keypad). "If you're not sure whether the terminal accepts chip cards, swipe it first and the terminal will prompt you what to do," says Ericksen. Don't immediately pull your card out. Keep your card in the terminal while you complete your purchase by signing or entering your PIN as normal. Just remember to take your card with you when you're done with the transaction!
How is it safer than the magnetic stripe on a credit card?
Unlike a traditional swipe card, an EMV card is "virtually impossible to reproduce," says Ericksen. That's because the chip stores your financial information as "dynamic data," meaning it's constantly changing (remember the unique transaction codes?). So any information potentially lifted from one transaction will not be useful to a hacker, because the data works only for that one purchase. A magnetic stripe, on the other hand, stores your information as "static data." Hackers can take the data from one swipe of a magnetic stripe card and use it to make duplicate cards linked to your account.
Are there any loopholes to EMV technology that fraudsters could potentially exploit?
"There are no silver bullets to solve for every type of fraud," says Ericksen. She specifically pointed out that EMV cards make it nearly impossible for criminals to re-use your card data in a store. However, that does not rule out the possibility of online fraud. Someone can still use the numbers from the front of your card at will to make online purchases. You should always be vigilant about your card and account information to make sure it doesn't get into the wrong hands.
If my credit card company or bank hasn't already updated my card, how can I get one?
"Typically, banks are issuing new chip cards as accounts expire," says Ericksen. Some might even send you one early, depending on the bank or credit card provider. The big date to know is October 1st. "That's when the fraud liability shifts to whichever party, the issuing bank or merchant, does not have chip technology," she says. So while not everyone may have this technology ready to go at the beginning of the month, avoiding potential payouts in case of fraud is a big incentive for banks and merchants to update ASAP.