Just when you thought the new EMV credit card terminals you invested in would increase safety against card fraud, the FBI says not so fast.
Yes, the new EMV credit and debit cards from MasterCard and Visa (and EuroPay) are more secure against counterfeits and fraud. But the FBI says that while the EMVs do provide more card-present security than old magnetic stripe cards, they do not prevent fraud, particularly regarding online sales.
For dealers that may be selling products on the Internet, the FBI warns: “Although EMV cards provide greater security than traditional magnetic strip cards, an EMV chip does not stop lost and stolen cards from being used in stores, or for online or telephone purchases when the chip is not physically provided to the merchant, referred to as a card-not-present transaction.”
“Additionally, the data on the magnetic strip of an EMV card can still be stolen if the merchant has not upgraded to an EMV terminal and it becomes infected with data-capturing malware,” the FBI said. “Consumers are urged to use the EMV feature of their new card wherever merchants accept it to limit the exposure of their sensitive payment data.”
So just where are we since retailers were required to have the new EMV-compliant devices at the POS as of Oct. 1 or they could be held financially responsible for any fraudulent transaction instead of the banks? In a nutshell, dealers are better off, but not as well off as they should be.
First, major retail trade groups have long been on record as urging banks and credit unions to establish the chip-and-PIN transactions and do away with the chip-and-signature transactions that are clearly more susceptible to cyber fraud.
Second, even the FBI recommends that consumers use PIN numbers instead of signatures to authorize and verify a transaction. “Merchants are encouraged to require customers to enter their PIN for each transaction in order to verify their identity. If a consumer uses a signature, merchants should ask to also see a government-issued photo identification card to verify the cardholder’s identity," the FBI said.
In the United States, it’s been the banks and card networks that have long dragged their feet in adopting the EMV cards. Now that they’re finally here, and the majority of card holders have been issued them, retailers are one step closer to good security. However, the banks, thus far, have been the holdup in making the more secure PIN authentication the standard in the U.S.
Perhaps the FBI’s warning will serve as a call to move forward on the PIN standard. Meanwhile, dealers who believe they have been a victim of credit card fraud are asked to reach out to their local law enforcement or their nearest FBI field office. In addition, a complaint can easily be filed with the FBI at the Internet Crime Complaint Center at www.IC3.gov.