:format(webp)/cdn.vox-cdn.com/uploads/chorus_image/image/63703633/emv_credit_card.0.1467738886.0.jpg)
As Congress gets ready to hold hearings starting Tuesday on the credit card security breaches at Target and Neiman Marcus, and how they were carried out, expect a lot of discussion about EMV cards.
EMV cards, or Europay, MasterCard and Visa — more commonly referred to as “chip and PIN” cards — are new, more secure credit cards that are widely adopted outside of the U.S. The card includes a chip like the one you see in the image above that protects transaction data in a way that magnetic strips on existing credit cards do not.
Last week I chatted with Carolyn Balfany, Senior VP at MasterCard and head of its EMV technology efforts, for a quick download on what to expect. In the U.S., EMV card technology is being phased in between now and the fall of 2016. And while it won’t necessarily eliminate credit card fraud, it will help curb the kinds of fraud that are common now.
There’s a chip on the card that adds an extra layer of security to the transaction itself. Magnetic stripe cards are trivially easy for criminals to copy. Chips are much more costly to fake. “We’ve never see mass-market scale counterfeit activity happen with chip cards,” Balfany told me. “When chip cards are rolled out, we tend to see fraud activity simply migrate to less secure markets.”
So when is it coming? The first big step occurs in October of 2015. That’s when the liability for covering the cost of fraud shifts away from its current system, where it generally falls to the bank issuing the card. “Under the new system, whoever has the least secure technology, whether it’s the bank or the merchant in the store, is the one who bears the burden for the fraud,” Balfany says.
The point, she says, is to encourage merchants to invest in new EMV-ready payment terminals on their checkout counters. If the merchant is still using old mag strip gear, it will be liable for paying for the fraud. If the merchant has upgraded, then the issuing bank is liable.
The next deadline, October of 2016, is when a second practice called “tokenization” gets rolled out for e-commerce transactions. Since no one wants to buy a specialized card reader for shopping online, an individual credit card number will be tokenized.
What this means is that every time you use your card with a particular online store, it’ll create a new number that’s both linked to your credit card number and unique to that vendor. So when you use the same card to buy something on Amazon, and then order dinner on Seamless, neither will be storing your actual credit card numbers, but their own individual tokens that stand in for your credit card number.
If someone were to obtain that token and use it for fraud, since it’s unique to a particular merchant, you’d have an easier time tracking the problem back to its source. This also means the bank doesn’t have to automatically issue a new card, bypassing the headache of updating every merchant you buy from with a new card number.
Best of all: The process is hidden from the consumer, so you don’t have to do anything different.
This article originally appeared on Recode.net.
