Posted: Robert Siciliano | January 28, 2016


What are Chip and Pin, aka EMV Credit Cards?

Closeup of a credit card with a gold chip

EMV stands for Europay/MasterCard/Visa, and it's a superior way of card transactions that the U.S. is taking forever to catch onto.

EMV cards contain a microchip, hence "chip," authenticated with a PIN (chip and PIN) or signature, and the PIN version makes it just about impossible for the card's information to be stolen. Slide the card into a reader, which detects the chip, asking for the PIN. What are the odds that a crook will know your PIN?

Or, it may request a signature (less secure because a signature can be forged). On the pure EMV cards, there's no stripe on the card-the one on traditional credit cards that contains the cardholder's information that can be stolen via tampered readers a.k.a. skimmers. However on the recently issued U.S EMV cards, the strip will be there for a few more years, at least.

While other industrialized nations have adopted the chip/PIN technology, the U.S.'s goal by the end of 2015, according to the Payments Security Task Force, was to get only as far as 63 percent of credit and debit cards being chipped, and 47 percent of retailers' readers being able to detect the microchips.

In fact, October 1 of this year was supposed to be the deadline for a "liability shift," meaning, merchants would be responsible for any fraudulent charges involving a reader that couldn't detect the chip technology. But it seems nobody thus far has taken that deadline seriously.

In addition to the forging potential of chip and signature, the signature version is worthless in other developed countries that use only the PIN version. It's not hopeful that America will 100 percent convert to chip and PIN because money is already being spent on converting to signature.

That all said, EMV cards are not 100 percent immune to tampering, especially for online purchases-for an obvious reason: The shopper must be physically present to sign. And there's no physical reader to detect the PIN. So the card number is still vulnerable for online and over the phone transactions.

One argument for the chip and signature transition is that it's believed that customers will spend less if they have to enter a PIN (perceived to be a hassle at checkout). Retailers are focused on more profit, not higher security and are just crossing their fingers that they won't suffer a massive data breach.

In Summary:

  • The whole world, essentially, has already converted to chip and PIN.
  • The U.S. is hell-bent on chip and signature, useless in foreign lands with PIN cards.
  • Though chip and signature isn't as secure as the PIN version, it definitely beats the old magnetic stripe technology.
  • Chip and signature still leaves a lot of territory open for data breaches.

Some say banks, card companies and retailers don't seem to realize that in the big picture, data breaches are far costlier than what it would cost to convert all the way to PIN technology.

Robert Siciliano is an identity theft expert to discussing identity theft prevention


Top of Page keyboard_arrow_right

author image

Written by Robert Siciliano

Follow Robert Siciliano on Google+

Compare the top ranked companies

Find the right company for you.