The EMV chip card
EMV cards are trying to make landfall in the U.S., thanks to major initiatives from the payment networks -- Visa, MasterCard, American Express and Discover.
Widely used abroad, these cards contain a microprocessor chip that stores the account information and communicates to the checkout computer at purchase. The chip then encrypts the purchase data uniquely each time it's used. Vanderhoof refers to this as "dynamic" data.
This makes it harder for criminals to pick up useful payment data and use it again for another purchase, and it practically wipes out counterfeit fraud. In the U.K., counterfeit fraud fell by more than 70 percent from 2007 to 2012 after the countrywide adoption of EMV cards, according to a report from the UK Cards Association and Financial Fraud Action UK.
EMV cards come in two varieties: chip-and-PIN and chip-and-signature. The former requires a personal identification code to further verify a transaction and helps to prevent fraud from lost or stolen cards, Carolyn Balfany, senior vice president and group head at MasterCard, explained at the Card Forum & Expo in April. The second requires only a signature and is less effective against lost or stolen fraud.
But EMV isn't ironclad. Chip cards guard only against counterfeit fraud. It doesn't help prevent fraud that occurs when only the account information is used for a purchase, such as over the phone or online.
The contactless card
Contactless payment cards boast convenience and ease-of-use at purchase, but are they secure? A host of recent reports have called into question their security.
This type of card uses near-field communication, or NFC, to conduct payments. Card information is stored in a chip on the card or device and that data is transmitted via radio frequency to a payment terminal equipped to accept this type of tap-and-go payment. Some credit cards and gas stations offer this technology.
The technology is similar to RFID, or radio frequency identification, found in electronic toll collection tags such as E-ZPass. The key difference is the RFID technology is meant to be read at great distances, while NFC technology is meant to be read at a very close distance, no more than 4 inches.
The media reports focused on the possibility that someone could lift the information from a card while it's still in a wallet by simply waving an NFC reader close to it. So far, the fears are unfounded because they have occurred only in demonstrations. There has been no reported fraud committed like this.
"It's certainly not in banks' interests to employ a technology that puts their consumers in danger," says Michael Misasi, senior analyst at Mercator Advisory Group. "It's my understanding that NFC cards only operate within a couple of centimeters."
NFC cards also allow consumers to hold onto their cards throughout the entire transaction, eliminating the ability of fraudsters to skim their cards
Posted by John MacHaffie at 6:25 PM