chip-cards-header

The Switch to Chip (EMV) Cards

by
February 6, 2015

 

Later this year—October, to be more exact—rules and regulations around credit cards are changing. In Europe and elsewhere in the world, credit cards have long used technology called EMV that makes them far more secure than the magnetic stripe cards the US is currently using. The problem with magnetic stripe cards (as we’ve seen on countless TV shows and movies) is that they’re very easily written, read, and therefore, stolen. The stripe simply holds your credit card number, and when swiped, the reader ingests the numbers as they are passed in front of his scanner, and voilà, your credit card number has been taken.

Think about it a different way. The last time you got your library card, they created it right in front of you. That’s a magnetic stripe card. The same technology your credit card uses. Seems totally secure, right? Not so much. Yes, there are built-in protections for credit cards, in particular, and this is a slight oversimplification, but the underlying rules of how the cards work is the same.

This is where the chip (EMV) cards come in. Rather than use the magnetic stripe method, the cards actually have a tiny microchip in them. The nifty Apple Pay dipping method of paying where you tap your phone to the payment processor? That’s kind of how chip cards work. Instead of needing to swipe your card in a magnetic reader, you simply insert it into the POS system in the store, and after it’s done with its conversation with the necessary financial systems, you’re done. If you’ve received a credit card recently, you may already have a chip card.

“But that seems less secure,” you may think. Here’s where the really cool tech comes into effect: tokenization. One of the main problems with magnetic stripe cards is that their information is static. You can’t write or re-write the information on a magentic stripe card each time you use it. So the same information—your credit card number—gets swiped into the reader, sent off for confirmation, and comes back to the seller. If your credit card information gets stolen, it’s nearly impossible to tell where it happened, and the hooligans have your actual credit card number.

Tokenization means that instead of keeping your actual credit card number in the system, it has a token (a random string of numbers) that is different for each retailer. This makes breaches (if they ever happen, which is unlikely) much easier to track down. The other nice thing about tokenization? Because only a random number sequence is stored, that’s all hackers should ever get. They don’t get your credit card number if they somehow manage to hack in; they only get a useless (to them) token.

Square's graphic on how tokenization uses dynamic data per retailer.

Square’s graphic on how tokenization uses dynamic data per retailer.

Now about the technology… magnetic stripe cards and readers are very much ingrained in our systems. We’ve been using them here in the US for 60 years. When the Mastercard PayPass and Apple Pay systems started arriving, they were and still are a new and different style of payment. And they’re not accepted everywhere yet. This is because of the new (to us, not to the rest of the world) technology being used. Luckily, as an online seller, this doesn’t mean much to you since your payment-taking processes will stay largely the same. However, if you use a mobile card reader or have a brick-and-mortar store, these changes are very important for you to follow.

Luckily, the October 2015 cut-off is not a hard-and-fast “use this or you can’t use your credit card” timeline. Magnetic stripe cards will more than likely be accepted for a good while longer. But the problem comes time for when/if credit card information is stolen: rather than the liable party being the credit card issuer, the bank, it’s now the retailer’s fault for not keeping up with the times.

So, what do you do about it? If you accept physical cards on location at a trade show, pop-up shop, or in an otherwise face-to-face transaction, find out if your current payment reader accepts chip cards. If you’re in the market for a new reader, our friends at Square have already made it known that they have one in the works, and you can pre-order it here.

 

Massive thanks to Square for their many articles on this new tech. If you’d like a more in-depth read on chip (EMV) cards, plus other articles on running your business, head on over to their Town Square blog. Then, check out Square’s suite of tools that empower sellers to start, run, and grow their businesses.