EMV cards contain a computer microchip that encrypts, or produces a unique, one-time cryptogram for each transaction to make it more secure than a magstripe card transaction. Chip cards work only with PCI (Payment Card Industry) certified devices that are compliant with EMV chip-and-pin standards.
So, whenever you “dip” a chip card in a reader (as opposed to swiping a magnetic stripe card), it creates a unique code that changes with every transaction. Compare that to data stored in a card’s magnetic stripe; that data never changes, making it susceptible to being cloned or skimmed.
Indeed, in 2019, Visa reported that counterfeit fraud from retailers who have chip-enabled payment terminals declined by 75 percent in 2018 compared to 2015, with continued decline in 2019.
A simple apples-to-apples comparison of both chip and swipe highlight the different card data security aspects of both:
EMV chip “dip”
Card Data Security:
✓ Impossible to clone. One-time-use cryptogram per transaction (card data changes for every payment)
✓ No personal information about cardholder stored on chip
✓ Fraud liability shifts to payment vendor
✓ Only compatible with PCI Certified Devices (reduces PCI scope) P2PE
✓ NFC-enabled (Near Field Communication) which facilitates even more secure contactless payments
✓ Electronic signature capture
✓ Wi-Fi Enabled
✓ Dip and swipe compatible
✓ Ethernet port
3 EMV certification levels: (layers of security testing)
✓ Hardware: Logic and transmission of payments are tested
✓ Software: The transmission of payment information is tested
✓ Payment Application: Card brand tested against entire processing solution
Card Data Security:
⨉ Data stored within stripe never changes. (card data vulnerable to skimming or cloning)
⨉ Stripe cards stores account details and account holder info.
⨉ Fraud liability is with merchant or agency office.
For government agencies, fighting fraud will be an ongoing battle, but why not eliminate your agency’s liability when fraud occurs? Certified P2PE EMV payment devices with chip-and-pin authentication significantly reduces fraud risks. So, if your payment vendor hasn’t already reached out to you to get your office EMV compliant, take the lead by finding a vendor who who supports EMV.