3 ways chip and PIN protect your customers
Chip and PIN cards have been rolling out in the U.S. for the past several months, but you and your customers may still not know everything about how they better protect sensitive data. While the EMV technology present in chip and PIN cards does not make it impossible for hackers to steal the associated data, it does make it much less likely that information will be useful and usable in subsequent in-store fraudulent transactions. Chip and PIN cards protect customer data in card-present transactions, both at a merchant POS (point of sale) terminal and at ATMs.
#1: The chip generates a unique data string for each transaction that cannot be replicated by fraudsters.
The security of the chip and PIN card lies mainly in the data chip that is embedded into the card, which generates a unique data string to authorize each transaction. Even if a thief intercepts the authorization data, it cannot be used in subsequent transactions since it has already been used in that transaction. In traditional magnetic stripe transactions, the same data is transmitted and used each time a transaction is made. That’s why it has been so easy for hackers to steal and successfully use card data for so many years.
It's important to note that EMV does not prevent card data from being stolen. Without encryption and tokenization technology, the cardholder's sensitive data can still be stolen and used to create counterfeit cards. However, the counterfeit cards will not be useable in other stores using EMV technology, because of the data chip, which can not be replicated. The subtext here is that you do not want to be the "other store" not using EMV technology and allowing fraudulent cards to be used. And, you really need encryption and tokenization protection in order to be as secure as possible. Many, but not all EMV solutions come with encryption and tokenization, so be sure to ask when getting your EMV terminal.
#2: Requiring the customer to enter a PIN adds another layer of fraud protection.
Requiring the customer to enter a PIN before the transaction is authorized adds an extra layer of protection to the EMV transaction. Only the cardholder should know the PIN; in the event that the card is lost or stolen, it will be useless without the PIN.
After the customer dips the card into your payment terminal, he or she will be prompted to enter a PIN. Only after the correct PIN has been entered will the transaction be sent across the network for authorization. While this process has been fairly standard across Europe and other areas for many years, entering a PIN for a credit card transaction is likely new for most in the U.S. The process is quite similar to entering the PIN for a PIN debit transaction. Plan on training your staff on assisting customers who are unfamiliar with this process so you can keep your checkout lines moving along smoothly.
The added protection of the PIN means that if the card is lost or stolen, the thief will not know the PIN so the transaction will not process at another merchant location where a fraudulent transaction is attempted. As with debit card PINs, the cardholder should set up the PIN as one that is not easy to guess and that could be guessed by a fraudster armed with their basic personal information such as address or date of birth.
#3: The customer can change the PIN at any time.
Especially helpful if the customer feels the card or account has been compromised, they can change the PIN associated with the chip card at any time. If the cardholder feels the account has been compromised in any way, this is a simple, immediate security measure that can be taken to secure the account and the associated funds. Of course, this is especially important in the event that the card has been knowingly stolen. Note that this should be a quick step that the customer takes prior to calling his or her financial institution, but should not replace calling the institution to report the card lost or stolen.
So, even if the fraudster happened to see the customer enter the PIN at your POS and then the card was accidentally left behind, for example, the customer can immediately change the PIN as soon as he or she notices it’s out of sight or control. This way, when the thief attempts to use the stolen chip card with that old PIN that has now been replaced at another POS, the authorization will be declined.
Making sure your systems are ready for chip and PIN
Of course, all of the above security advantages of chip and PIN cards are only applicable if you have upgraded your POS terminals and systems to accept EMV chip cards. If you still have traditional swipe terminals only and a customer uses an EMV card, the added security of the chip does not come into play. Speak with your credit card processor today to make sure you have a plan in place to upgrade your systems soon to make sure you are ready to accept the latest payments technology and that your business isn’t potentially held liable for certain types of fraud that can be avoided with chip and PIN technology.