How Do EMV Chips Work? Do They Really Protect Cardholders Against Fraud?
Just when folks got used to the idea of swiping a credit or debit card to make a purchase, along came a card that must be inserted (or “dipped”) into a card reader.
Seems it took no time at all to transition from “Please remove card quickly” to “Do not remove card.” But why the change?
EMV (or “chip”) payment cards have become the standard. Still, many people really don’t understand them. In this post, we’ll examine EMV chip technology and how it works. We’ll also explore some of the benefits and challenges of its use.
Recommended reading
- What is EMV Bypass Cloning? Are Chip Cards Still Secure?
- Dispute Apple Pay Transaction: How Does The Process Work?
- Terminal ID Number (TID): What is it? What Does it Do?
- The AI Gap: Banks’ Slow Adoption Creates Chances for Fraud
- Point of Sale Systems: How to Get More From Your POS Machine
- What is EMV Technology? Definition, Uses, Examples, & More
What Is EMV Chip Technology?
- EMV Chip
EMV refers to a type of payment technology first developed in the mid-1990s. EMV-enabled payment cards — also known as “EMV chip cards“ — have a built-in microchip that stores information, encrypts transactions, and facilitates transaction processing.
[noun]/ē • em • vē • CHip/
EMV stands for “Europay, Visa, and Mastercard,” the three companies that developed the payment technology.
Unlike magnetic stripe technology, which encodes the user’s primary account number as static information, EMV chip technology stores information on a built-in microchip. The chip can transmit information using a public key-based encryption technique called elliptic curve cryptography (ECC).
In other words, EMV chip technology encodes transaction data using unique, one-time codes that keep the payment method’s actual card number hidden. This makes EMV-enabled cards much more secure than magnetic stripe technology. It’s widespread adoption has been credited with reducing card-present fraud by as much as 76%.
EMV chip technology can be combined with additional verification procedures to help further reduce fraud risk. So-called “chip-and-signature” and “chip-and-PIN” transactions are two examples:
Chip-&-Signature Cards
Chip-&-PIN Cards
The EMV Chip Transaction Process
Completing a purchase with a chip card typically takes about 7 to 10 seconds. Numerous actions occur during that short span of time, though, both physically and digitally. Here’s a look at a typical process flow:
How an EMV credit card chip works
The “floor limit” refers to the maximum amount of money that can be charged to a payment card prior to authorization.
As we said earlier, all of this happens in the span of a few seconds. From there, a transaction request is transmitted to the payment authorizer, along with transaction specifics. This involves the creation of an Authorization Request Cryptogram (ARQC) that acts as a digital signature. The ARQC is verified and sent back to the terminal.
How Does EMV Chip Card Technoloy Work?
EMV chip cards are fundamentally different from magnetic stripe cards. While magstripes store static cardholder data that can be read optically, EMV chip cards must be inserted so that the data can be read from the microchip embedded in the card.
Once read, the chip generates a unique, encrypted code — known as a token — for each transaction. This token stands in for the cardholder’s real payment method information, keeping sensitive data secure during the transmission.
As we can see, the data is always encrypted at every phase of the transmission. So, the cardholder avoids exposing their information to potential hackers or data thieves. And, because chips generate a unique marker for each transaction, it’s virtually impossible to create a usable counterfeit EMV credit card.
Chip cards also offer the ability to make contactless payments. Instead of the card being dipped or swiped, it can be tapped on a specially equipped scanner and read using near-field communication (NFC) technology. This is the same technology used by mobile wallet apps to make contactless payments.
A multilayer solution is the only way to protect your business against fraud.
Request a Demo
What are Static & Dynamic Data Authentication?
An EMV chip card has the ability to generate a unique code for every transaction submitted for processing. This capability is what protects chip-based card purchases from fraud.
EMV cards can use three different offline authentication methods to verify transactions:
Static Data Authentication (SDA)
SDA is the least secure authentication method. Here, static data elements on the chip (like the primary account number and expiry date) are digitally signed, stored, and verified during the authentication process. This makes SDA vulnerable to "replay attacks,” in which a fraudster copies the static data and the signature from a genuine card and creates a counterfeit card that can pass SDA verification. For this reason, SDA is currently being phased out.
Dynamic Data Authentication (DDA)
DDA is more secure than SDA because unique signatures are generated for each transaction. By incorporating dynamic data into the authentication process, DDA makes replay attacks far more difficult to carry out, since a replayed static signature won’t match the dynamic signature expected for a new transaction.
Combined Dynamic Data Authentication (CDA)
CDA is most secure because the card generates a dynamic signature and a transaction-specific application cryptogram in a single step. By doing so, CDA protects against "man-in-the-middle" attacks, which occur when fraudsters alter transaction data while the card and terminal communicate with each other.
Comparing the Pros & Cons of EMV Chip Card Technology
Chip cards have a lot to offer both merchants and consumers. But, even despite the plethora of pros, EMV chip cards are not perfect. There are still a few downsides to consider.
We’ve taken the pros and cons of EMV chip card technology and stacked them side-by-side down below:
Security
Benefit
Single-use codes dramatically lower card-present fraud rates.
Downside
Only works for card-present transactions. Still vulnerable to card-not-present fraud.
Authorization
Benefit
Transactions can be verified online or offline.
Downside
Verification takes between 7 to 9 seconds; longer than magstripe cards.
Acceptance
Benefit
Both “chip-and-PIN” and “chip-and-signature” transactions are accepted globally by merchants with EMV-compliant payment terminals.
Downside
Merchants may need to update their payment terminals to be EMV-compliant. Sellers who don’t expose themselves to additional liability.
The Future of EMV Cards
EMV payment cards represent the future of payment processing. Increased security and more options benefit both consumers and merchants. Fewer fraudulent transactions mean retailers save money, and those savings should trickle down to shoppers in the form of lower pricing.
Also, the potential of EMV technology is far from fully realized. The next generation of chip cards will likely include a variety of possible features, from personalized couponing to loyalty programs built right into the card.
Exciting as that may be, however, there is the chargeback issue to consider. Chip cards simply aren’t designed to prevent customer disputes. Effective fraud management requires a comprehensive strategy that involves both prevention and revenue recovery. For more information, contact Chargebacks911 today.
FAQs
What is the meaning of an EMV chip?
EMV refers to a type of payment system developed jointly by Europay, MasterCard and Visa in the mid-1990s. EMV-enabled payment cards – also known as “chip cards“ – have a built-in microchip that stores information, encrypts transactions, and facilitates transaction processing.
How do EMV chips work?
With an EMV card, the embedded microchip creates a unique code for each transaction. The payment is processed using this one-use-only code, rather than the card number printed on the card. This is a practice called tokenization.
Are all chip cards EMV?
Yes. No matter what terminology banks or merchants may use — EMV card, chip card, smart card, etc. — they’re all different names for the same thing. Any payment card with an embedded chips is using EMV technology
Is EMV the same as RFID?
No. Most EMV chip cards require physical contact with a payment terminal. Radio Frequency Identification (RFID) cards only have to be near the terminal. Depending on signal strength, they may not even need to be removed from a purse or wallet.
Some modern EMV cards are integrating NFC technology, which can be used for contactless payments as well, offering the best of both worlds.
Can EMV chips be hacked or cloned?
Technically yes, but only the information from the magnetic stripe can be captured. That means any clone of the card would only work with non-EMV-enabled readers.
How do I know if my credit card has an EMV chip?
To see if your credit card has an EMV chip, look for a metallic square or rectangular microchip on the front left side of your card.
What are the disadvantages of EMV chip cards?
EMV chip cards have a few disadvantages. They’re vulnerable to card shimming, feature slower transaction speeds, and only protect against card-present fraud. They also shift liability onto merchants who lack EMV-compliant payment terminals.
What are EMV and non-EMV cards?
An EMV card is a microchip-based card that relays transaction information using a one-time, single-use token. It’s considered more secure than a non-EMV or magstripe card, since this type of card encodes sensitive card information as static, rather than dynamic, data.
Do all cards have EMV chip?
Not all cards are EMV chip-enabled, but the majority of them are. As of 2023, 66.38% of cards in use in the United States have an EMV chip. In Africa and the Middle East, this figure is as high as 92.27%.
