Comparing credit card offers since 2005 - it's fast and easy! Search, Compare and Apply for the best credit card deals now

With EMV, benefits far outweigh minor risks

by Peter Andrew

One of the hardest parts of using the World Wide Web is deciding whom you should believe -- and whose information you should dismiss. There are times when being able to discriminate between these is critical. If you insist on running your symptoms past MedicalSchoolDropout.com, you could easily have sleepless nights worrying about nothing. Or, worse, you might be falsely reassured, and put off visiting your family doctor at a time when it's urgent you do so. Incidentally, this writer recently asked a senior attending surgeon at a major hospital how she felt about patients turning up with their own Web-sourced diagnoses, and she surprised him.

"It's great," she said. "They almost always believe they're way more sick than they really are. So my job is usually to tell them their true prognoses are significantly better than they think."

Credible and incredible credit card advice

With so many credible medical sites around, it's not hard to find trustworthy medical advice. You might think the same applies to financial websites. But, in mid-September, an article appeared on one well-known website that contained two serious errors. True, you won't die if you believed them, but your financial health could one day suffer.

Its main premise was that using credit cards can be risky. Well, of course there's a risk involved, but it's considerably lower than with other payment methods. Take cash to a store, and your wallet might be lost or stolen. Then all that money's gone.

Use a debit or prepaid card, and again it's your money (that amount you put into your checking account or pre-loaded on your prepaid plastic) that disappears if a clerk or hacker steals your card information and drains your account. True, you stand a good chance -- certainly with a debit card -- of eventually getting it back, but in the meantime it's you who's out of pocket.

With a credit card, you have a legal right to withhold payment for unauthorized charges. And that means it's the credit card issuer's money that's gone. Not a lot of risk there, you might think.

Dubious data

By now, you're likely to know about EMV, the technology that uses a tiny microprocessor chip embedded on a payment card to provide additional layers of security. Such chips are set to be on 96 percent of credit cards in this country by 2018.

The article's second error was to suggest that EMV would prevent hackers from accessing card data in breaches such as those experienced over the last year by many retailers, most notably Target and Home Depot.

"When you shop with a magnetic strip credit card, retailers and card processors store card data in their systems, and that makes the information easy to obtain for hackers with the know-how," the article said. "With chip cards, the information is read off a secure chip located on the card, and the card number itself is never revealed."

Chip-and-signature helps

That's simply not true, and believing it to be so could put you at risk in the future. Suppose one day you use your new EMV card in a store that's subsequently hacked. You're going to believe you have nothing to worry about, and might fail to closely monitor your card statements and credit report.

IndexCreditCards.com checked its facts by asking EMV Migration Forum Director Randy Vanderhoof for clarification. Vanderhoof confirmed that the technology still transmits card data to retailers, which means that EMV in itself would not prevent information being lost in hacking incidents. However, he went on to explain why it might lessen the appeal of carrying out such hacks.

"It's important to look at the motivation behind these data breaches. The reason the criminals behind these data breaches are so interested in going after these merchant systems is because the static magnetic stripe data they have obtained is very valuable," he said. "They can sell the data from one magnetic stripe card account for upwards of $50 because the data has all of the elements necessary to create a counterfeit payment card that will work for in-person purchases."

What sets the EMV card apart?

"EMV chip transaction substitutes the static card data with dynamic data. This makes every chip transaction unique, so its data cannot be used to create a counterfeit card that will work for in-store purchases," Vanderhoof said. "This greatly reduces the value of that data for criminals and gives them less of an incentive to go after it."

It's also worth noting, Vanderhoof said, that merchants have the option to encrypt and decrypt payment data.

"This is not a function of EMV, but can be done with add-on software at the point-of-sale and at the processor level," he said. "EMV and point-to-point encryption work in complementary ways for cardholder security, but are not one and the same thing."

In other words, hackers could still steal card information post-EMV (although newly launched Apple Pay does things differently), and use it for card-not-present transactions over the phone and online. However, it would be virtually impossible to subsequently clone plastic for in-store purchases. And that might be enough to force criminals to find other outlets for their technical "talents." Maybe they could take up writing (accurately) about credit card technologies.

Published 09/29/14 (Modified 10/02/14)

Share this article with:

0 Responses to "With EMV, benefits far outweigh minor risks"

No Comments

Leave a Comment