Does all of the talk surrounding chip-and-PIN payment card security have your head spinning?
If so, here’s the scoop:
Up until recently, credit and debit cards used one type of transaction authentication system referred to as “sign and swipe.” With sign and swipe, cardholder account information—such as account number—was stored on the back of the card inside of a magnetic strip. To complete transactions, retailers swiped cards through point-of-sale (POS) devices at the register to obtain the data. Then, customers would have to sign a paper or electronic receipt confirming the authenticity of the transaction.
The problem with this type of authentication system is that it is highly vulnerable to attacks and, thus, has led to a rash of data breaches over the past few years. The systems were vulnerable because retail POS machines collected and transmitted sensitive unencrypted information that turned out to be easily liftable by criminals with the right tools.
As a result of the shortcomings of sign-and-swipe payment cards, the U.S. payment card industry made a decision to switch its standard transaction authentication system to one that uses a new type of card referred to as “chip and PIN.”
So, why is the new type of card called chip and PIN?
Instead of using a magnetic strip to transmit cardholder information, payment cards are now required to be embedded with special microchips. These new cards—also referred to as Eurocard, Mastercard and VISA (EMV) cards—have been popular in Europe since as far back as the 1980s. Only now is the movement starting to catch on in America.
Here’s how they work:
Instead of swiping chip-and-PIN cards, retailers insert the card into a special device that scans the microchip and creates a one-time transaction code, or token, in lieu of sending actual account numbers through the payment system. PINs can also be added for extra security.
The hope is that this standards system will help reduce payment card fraud and data breaches, as it will prevent hackers from gaining access to unauthorized account information that they can then use to make fraudulent purchases; one-time transaction codes would essentially be useless to hackers. The new system will also make it easier for online retailers and contact centers to conduct more secure remote transactions, as cards can coordinate with smartphones to transfer tokens over mobile networks.
There’s only one problem with this system: bringing banks and retailers up to speed with the new standards system. Migration is simply not going to be an easy or quick process.
October, for instance, marked an important liability shift deadline regarding swipe-and-sign cards. As of October 1, liability costs for fraud-related incidents will be paid by whichever party—be it the card-issuing financial institution or the retailer—has the lesser security technology, the Wall Street Journal reports.
Unfortunately, the vast majority of U.S. businesses are unprepared for this deadline. As of August, just 20 percent of cards had been upgraded to the new system by card issuers. At this current rate, it could take a great deal of time—years, perhaps—until the entire country is fully compliant with new chip-and-PIN standards.
It should be noted, however, that while chip-and-PIN cards are a positive step forward for the industry, they don’t solve the problem of card theft. While chip-and-PIN cards do help prevent hackers from lifting sensitive data, they still leave cardholders vulnerable to fraudulent transactions as it’s still impossible to verify the end user’s true identity when using them. A stranger, in other words, could still use the card to make unauthorized purchases.
It’s critical, therefore, that retailers embrace advanced identity verification systems using cutting-edge technology like voice biometrics. By registering end-user voiceprints at the point of sale, retailers can ensure that end users are in fact who they claim to be when using their cards.
Voice biometrics also presents a viable solution for retailers looking to add extra fraud protection while making the transition to chip-and-PIN payment systems.
Click here for more information about voice biometrics.