Chip-and-PIN credit card

What is traditional magnetic stripe credit card?

A magnetic stripe card is any type of card that contains data embedded in a stripe composed of iron particles in plastic film. This might be good for gift cards, loyalty cards, and membership cards. Since the information is stored statically, it will always be there in the magnetic stripe. That’s why this method is not secure!

What is chip-and-pin credit card?

A chip-and-pin card is a credit or debit card that contains data embedded in a microchip and requires the consumer to enter a PIN (personal identification number) to complete the transaction. It is also called an EMV microchip card (Europay, Mastercard and Visa). It is considered more secure than a traditional magnetic stripe credit card because of both the technology in the chip and the requirement to enter a unique PIN. Besides, it can’t be as easily “skimmed” by fake credit card readers.

Chip-and-pin VS chip-and-signature

Every EMV chip credit card issued in the US has the chip-and-signature verification method Only cards from certain issuers also have chip-and-PIN.

How does EMV chip card work?

The chip and the terminal work together to create a unique, encrypted code, called a token or cryptogram. On every transaction you make, this token will be unique every time. The number is created from information in the chip and information in the terminal, but only using instructions contained in the chip. This is better compare with traditional magnetic stripe because the traditional way is using static information contained in the magnetic stripe, and it is always there on your card, which is able to be copied. After getting the token, it is needed to decode to verify it is actually you making the transaction. That’s when you need to have your signature or PIN. When the correct information provided, the transaction is proved.

How hackers get credit card information?

Most cases, thieves don’t steal your credit card information directly from you. Instead, they get it somewhere else in the credit card processing chain. Here are some ways they do it.

  • Hacking into other business — thieves can steal your information by breaching a company where you’ve used your credit card or a company that handles some aspect of credit card processing. Example: according to the non-profit Identity Theft Report Center (ITRC), data breaches in 2018 totaled 1244, with 446,575,334 records exposed. This exposed card details of more than 64.4 million cards.
  • Skimming — A credit card skimmer is a small device that captures your credit card information in another otherwise legitimate transaction. For example, thieves secretly place credit card skimmers over the credit card swipe at gas stations and ATMs then return to retrieve the information captured.
  • Installing malware or viruses on your computer — hackers can design software that’s downloaded in email attachments on your computer undetected. They can take advantage of public Wi-Fi to trick people into installing malware disguised as a software update. The software can monitor your keystrokes or take screenshots of your page and send the activity to the thief.
  • Tricking you — thieves set up traps to trick consumers into giving up credit card information. they can do this by phone call, by email, through fake websites, and sometimes via text message.

Current challenges regarding to chip-and-pin credit card

Despite the security that chips provide, all chip cards still come with magnetic stripes. This is necessary for now because not all merchants have payment terminals that can process chips. If a merchant does not have a chip card reader, you’ll have to swipe the card. This deprives you of the extra security protection built into the chip and leads to a greater risk of fraud.

Transition to contactless payment

Contactless payment is a secure method for consumers to purchase products or services using a card with RFID (Radio frequency identification) technology or NFC (near-field communication).

Secure Credit Card