In the United States, our credit and debit cards still rely on outdated magnetic stripe technology. The magnetic stripe is the black or brown band on the back of your credit or debit card. The stripe stores data, such as your account number, via tiny, iron-based magnetic particles. When you swipe your card through a card reader, the device accesses the data stored on the magnetic stripe. A quick YouTube search yields numerous vendors offering to sell skimming devices, which can be used to steal data from credit cards as they are swiped in an ATM.

EMV, or chip and PIN cards, on the other hand, are far more secure. These so-called “smart cards” contain embedded microchips and are authenticated using personal identification numbers, or PINs. When a customer uses a smart card to make a purchase, the card is placed into a terminal or a modified card reader, which accesses the card’s microchip and verifies the card’s authenticity. The customer then enters a four digit PIN, which is verified against the PIN stored on the card.

EMV technology supports four cardholder verification methods: offline PIN, online PIN, signature, or no cardholder verification. This enhanced cardholder verification process is an additional security feature, ensuring that the person initiating a transaction is in fact the legal cardholder.

Meanwhile, the only way to verify a regular magstripe credit card is for a cashier to check a customer’s identification, but this occurs irregularly at best and may even promote a false sense of security. In card not present transactions, such as online purchases, the CVV or credit verification value is the primary verification method, but this number is visibly printed on the card itself, and is as easily stolen as an account number or PIN.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Be Sociable, Share!