How does a chip card work?
July 10, 2019
The future of electronic payments is changing. Financial institutions, card brand networks, merchants, payment processors and others continuously work to develop new technologies and best practices that create safer electronic payments, protecting businesses and their customers.
Chip card technology – also known as chip-and-PIN or EMV – is a shining example of how these collaborative efforts can succeed. Chip-and-PIN technology is a secure method to store and exchange sensitive credit card and debit card account data between merchants and their customers.
In this payment security article, we’ll look at how chip cards work to protect businesses by reducing the risk of certain types of payment fraud.
What is an EMV chip card?
EMV stands for Europay, Mastercard and Visa, the three organizations that created the original chip-card specification that was unveiled in 1996. EMV was created to combat mounting losses related to the use of stolen and counterfeit credit cards.
The embedded security chip holds encrypted data and makes EMV technology extremely difficult to duplicate. The stored transaction codes are dynamic, meaning they change and are never used twice, which keeps the data from ever becoming compromised. Even if a hacker manages to steal the authentication code, it’s useless for future transactions and makes duplicating cards to commit counterfeit fraud nearly impossible.
Effective in reducing card-present counterfeit fraud in every region where the technology has displaced magnetic stripe, EMV chip cards are now the global standard for card security. According to EMVCo data , nearly 11 billion EMV cards have been deployed worldwide – and nearly one billion of those cards were added in 2020 alone.
How do EMV chip cards work?
An enabled EMV terminal reads and verifies the card information contained in the embedded chip when inserted into the slot of the payment terminal. Like using the magnetic stripe, card data is then processed for payment authorization; the key difference is that the chip card generates a one-time code for each transaction while a traditional magnetic stripe card does not.
An additional way to use an EMV card is as a contactless payment method. Using near field communication (NFC), the enabled card may be tapped, waved or held in close proximity to a payment terminal to complete the transaction.
How are EMV chip card transactions processed?
Chip cards work with payment acceptance devices that are certified to be compliant with EMV chip-and-PIN standards. During a transaction, the customer inserts the payment card into the terminal. The chip and the card reader communicate to authenticate the transaction.
After inserting the card, the customer follows on-screen instructions that further validate the transaction. This process will vary depending on which verification method has been specified by the card-issuing bank. Chip-and-signature systems are largely being replaced by chip-and-PIN transactions that require the customer to enter a PIN to complete the transaction.
After cardholder authentication methods are completed at the terminal, online processing begins. Additional authentication and other security and fraud filters may be performed by the card issuer before returning approval or decline codes to the EMV terminal.
Are chip cards safer than magnetic stripe?
By generating a unique code with every transaction, chip cards offer significant protections that standard magnetic stripe cards lack.
Magnetic stripe (or “magstripe”) cards are an analog technology, which first appeared in the 1960s. Using the same technology behind analog cassettes, magnetic stripe cards contained all the data necessary to conduct a credit or debit card transaction. Magstripe came into widespread use in the 1980s and represented a significant security upgrade from paper-based credit card imprinters.
Unfortunately, the technology behind magstripe eventually proved fairly easy for hackers to manipulate. Though hidden from the naked eye, magnetic stripe held sensitive credit card data in plain text on the card. Criminals turned to credit card “skimmers” and other methods to gather this data – the raw material needed to produce counterfeit cards and commit fraud.
Can you still swipe a chip card?
The majority of US cards still include the magnetic stripe. So yes, a chip card with a magnetic stripe can be swiped by a merchant who does not support chip technology. However, doing so subjects cardholders to exposing their sensitive card information, making themselves vulnerable for falling victim to card skimmers.
Doing so may also put the business at risk. Regardless of facts and documentation, should a customer dispute any transaction where a chip card was swiped, the business can be held liable and responsible for the chargeback.
Do all retailers accept chip-and-PIN cards?
The US was among the last major global economies to make the transition. On October 1, 2015, a key shift in liability ushered in an important phase. Previously, liability for counterfeit fraud generally fell to card-issuing financial institutions. After this shift, liability fell to whatever party hadn’t adopted chip card technology. The EMV liability shift helped incentivize businesses to adopt and certify EMV-compliant credit card acceptance equipment.
Although not every merchant accepts chip-and-PIN cards today, acceptance is growing. Visa reports that as of December 2018, there were over 3.1 million merchant locations accepting chip cards, representing 68% of all US storefronts. And by 2020, EMVCo reports that 63% of US cards are chip-enabled, accounting for over 77% of transactions made. US rates still trail adoption in Europe, Canada and elsewhere. Nevertheless, it does represent significant progress.
Are chip cards fraud-proof?
No. EMV chip-and-PIN technology is proven to reduce losses from counterfeit and stolen card. That said, chip card technology is not a silver bullet. There’s currently no single technology – or even combination of technologies – that offer 100% fraud-proof payments.
However, chip cards have significantly reduced card-present fraud. In December 2018, Visa reported that in the three-year period since the EMV liability shift, chip card technology has reduced card-present counterfeit payment fraud losses by 80% among merchants who upgraded to EMV.
Protecting your business and reducing risks of losses related to credit card and other payment fraud involves a mix of technologies, best practices and relationships. Your payment processor can work with you to develop a comprehensive payment security plan that helps reduce risks so you can keep more of what you earn.
Can chip-and-PIN transactions work offline?
Yes. Because chip cards work dynamically, network connection is important. But businesses don’t stop when networks go down, making offline transactions a potentially important consideration.
EMVCo specifies two methods that allow chip cards to work offline: Static Data Authentication (SDA) and Dynamic Data Authentication (DDA). Payment data is authenticated between the card and the terminal rather than with communication to the issuing bank.
Consult with your payment partner to determine best practices as offline transactions utilize some – but not all – of the security features of EMV.
We’re here to help
FIS® is a global payment technology leader that can help protect your business with secure transactions that minimize fraud and reduce risk. Connect with one of our payments experts today to learn how EMV can help keep your business safe from in-store counterfeit fraud.