The EMV chip
card
EMV cards are
trying to make landfall in the U.S., thanks to major initiatives from the
payment networks -- Visa, MasterCard, American Express and Discover.
Widely used
abroad, these cards contain a microprocessor chip that stores the account
information and communicates to the checkout computer at purchase. The chip
then encrypts the purchase data uniquely each time it's used. Vanderhoof refers
to this as "dynamic" data.
This makes it
harder for criminals to pick up useful payment data and use it again for
another purchase, and it practically wipes out counterfeit fraud. In the U.K.,
counterfeit fraud fell by more than 70 percent from 2007 to 2012 after the countrywide
adoption of EMV cards, according to a report from the UK Cards Association and
Financial Fraud Action UK.
EMV cards come
in two varieties: chip-and-PIN and chip-and-signature. The former requires a
personal identification code to further verify a transaction and helps to
prevent fraud from lost or stolen cards, Carolyn Balfany, senior vice president
and group head at MasterCard, explained at the Card Forum & Expo in April.
The second requires only a signature and is less effective against lost or stolen
fraud.
But EMV isn't
ironclad. Chip cards guard only against counterfeit fraud. It doesn't help
prevent fraud that occurs when only the account information is used for a
purchase, such as over the phone or online.
The contactless
card
Contactless payment
cards boast convenience and ease-of-use at purchase, but are they secure? A
host of recent reports have called into question their security.
This type of
card uses near-field communication, or NFC, to conduct payments. Card
information is stored in a chip on the card or device and that data is
transmitted via radio frequency to a payment terminal equipped to accept this
type of tap-and-go payment. Some credit cards and gas stations offer this
technology.
The technology
is similar to RFID, or
radio frequency identification, found in electronic toll collection tags
such as E-ZPass. The key difference is the RFID technology is meant to be read
at great distances, while NFC technology is meant to be read at a very close
distance, no more than 4
inches.
The media
reports focused on the possibility that someone could lift the information from
a card while it's still in a wallet by simply waving an NFC reader close to it.
So far, the fears are unfounded because they have occurred only in
demonstrations. There has been no reported fraud committed like this.
"It's
certainly not in banks' interests to employ a technology that puts their
consumers in danger," says Michael Misasi, senior analyst at Mercator
Advisory Group. "It's my understanding that NFC cards only operate within
a couple of centimeters."
NFC cards also
allow consumers to hold onto their cards throughout the entire transaction,
eliminating the ability of fraudsters to skim their cards
No comments:
Post a Comment