October 1, 2015 is EMV Day in the United States.
Specifically, it’s the date that the credit card industry has picked for the switch over in the United States from credit cards that use 1960s-era magnetic strips to ones that support EMV, the industry’s term for credit cards with an embedded chip.
“EMV stands for “Europay, MasterCard, and Visa” the consortium behind the initial development of the technology in 1994. Where magnetic strip cards store information in an easily readable form, EMV cards encrypt the information on the card.
EMV cards have been in use in Europe and elsewhere outside the US for a number of years. There these cards are typically used in conjunction with a personal identification number (PIN) for so-called “chip-and-PIN” transactions where customers provide their credit card and then enter a PIN into the terminal to complete the transaction.
Two years ago, the credit card industry called for a broad implementation of EMV in the US, in part to help prevent events like the rash of retail data breaches affecting Target and others at the start of 2014. As our recent detailed report on data breaches Follow the Data: Dissecting Data Breaches and Debunking Myth” has shown the concern is real: retail data breaches are up significantly since 2009. The credit card industry picked October 1, 2015 as the target date for the switch over to EMV.
Now that this date is here, the question is: what does this mean for you?
As a credit card holder, this date mainly means that you should have a new credit card with a chip on it. That’s it, at least for now in most cases. Right now, the US is not following the rest of the world and implementing “chip-and-PIN,” mainly opting instead for the easier-to-use but less secure “chip and signature.” In practical terms, this means you’ll most likely still use a credit card and then sign for the transaction: no PIN required.
Longer-term, the goal is to move to chip-and-PIN in the US. And in some cases, some companies are already implementing that for cardholders. But for most cardholders the only change is a new card with a chip on it.
If you’re a merchant, EMV Day means that you should by now have upgraded your credit card terminals to support the new credit cards that your customers should have. Under the terms of this plan, the liability for losses from credit card fraud may shift to merchants if they haven’t implemented support for EMV.
The key word in all of this is “should.” Because the reports are making clear that the industry hasn’t met its self-imposed deadline for EMV Day: reports indicate that upwards of 60% of card holders and merchants aren’t ready.
The good news is that moving to EMV WILL help reduce some fraud and theft. The bad news is that the bad guys have already been working on new attacks that account for EMV, perfecting them in places like Europe. Even if EMV Day was a success with 100% implementation in the US, it still would be an imperfect solution at best. The truth is it’s a 21 year old technology and the best hopes for meaningful steps to combat credit card fraud lies in other, newer technologies.
You can learn more details about EMV as well as other new payment technologies on our Next-Gen Payment Processing Technologies: What They Are, and How They Work page.
For now, the best thing you can do is to use your new chip-enabled card when you get it and otherwise, keep doing the same smart things you have been: checking your statements regularly, reporting suspicious activity and getting real-time credit and identity –theft monitoring.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.