AskCyberSecurity.com

Cyber Security News & Information

AskCyber Home » News » data privacy » How Chip Credit Cards Work

How Chip Credit Cards Work

by

How Chip Credit Cards Work

Chip cards are credit cards and bank cards that have a small computer chip embedded in the lower left corner of the plastic plate. The chip communicates with a point-of-sale (POS) terminal to validate a purchase when the card is physically presented at a brick-and-mortar location. Chip cards are the credit card authorization standard in Canada, Europe, and Asia. However, they are not widely adopted in the United States even though chip and PIN technology is more secure.

The technology for PIN and chip cards was introduced in 1984 by French banks to reduce credit card fraud at POS terminals. Chip-and-pin cards were introduced in the UK in 2004. They have been the required standard since 2006. POS terminals in Europe can read magnetic strip cards and chip and signature cards as a courtesy to travelers. [Source; Source: http://news.bbc.co.uk/2/hi/business/4779314.stm]

In Western Europe, over 80% of credit cards use chip and PIN technology. Just about all, actually 99.9%, of card readers can read the EVM cards as chip and PIN technology. In Canada and Latin America, the card 54% of card readers can read chip and PIN EVM cards. [source: EVMCo].

Chip cards are also known as chip and PIN cards or chip and signature cards. These are short for the term the banking industry uses, EVM cards. Okay, so chip and PIN is not exactly a way to shorten EVM, but The PIN used with a chip and PIN card is a four to six-digit personal identification numbers that we are accustomed to using at ATM machines. EVM is short for Europay Mastercard Visa which is the consortium of companies that set the standards for EVM technology. As if there are not enough names for EVM cards already, they are also called or IC (integrated circuits) cards, but let’s stick with chip card to keep it simple.

Are Chip and PIN Cards More Secure?

Yes. EVM cards generate a unique code for every transaction reducing the likelihood of card skimming. A magnetic strip only card only uses the same card numbers to process every single payment. American payment cards have both the chip and the strip, making them vulnerable to skimming.

In the United States, many chip and signature credit cards remain in use. These hybrid cards have the embedded circuit but also have the data on a magnetic strip. The strip is included because the PIN technology is not universally used in America nor is it mandated by law or industry standards. The strip allows for legacy POS terminals to process the transaction.
Using a hybrid card requires a signature rather than a PIN to authorize the charge.

How Does a Chip Card Work?

The integrated circuit (chip) inside an EVM card can store data as well as process data. The chip encrypts data while communicating with a POS terminal. The integrated circuit has no electrical power source.

Chip cards use one of two methods to validate purchases at POS terminals. The first, which is very common in the United States, is known as “chip and signature.” This means the user inserts the card into the POS terminal. The chip communicates encrypted account information to the terminal. The terminal cardholder is prompted to scribble something resembling a toddler’s signature on the screen as “proof” that they are the legit cardholder. Alternatively, the terminal spits out transaction information a skinny paper receipt that the cardholder then signs.

The terminal is programmed to decide which of eight validation methods, called cardholder verification configuration (CVM), will be used to authorize or decline the sale:

  • Signature required
  • Offline plaintext PIN
  • Offline enciphered PIN
  • Offline plaintext PIN and signature
  • Offline enciphered PIN and signature
  • Online PIN0601
  • No CVM required
  • Fail CVM processing

The signature required CVM is used in America and as a legacy accommodation for United States cardholders who are traveling abroad in a country that uses chip and PIN authorization. No CVM required is used for no signature required sales, for example those that fall below a minimum dollar amount. One of the grocery supermarkets near me does not require a signature for sale below $25. Signatures are not a secure method to verify the identity of the cardholder.

Can chip cards be hacked?

Yes, chip cards can be hacked. However, it is much more difficult than hacking a card that only uses the magnetic strip. EVM card readers can be compromised with a man-in-the-middle attack. The hacker may be able to decrypt the strip data and the PIN. This could be used to clone a fraudulent magnetic strip only card. The card won’t work at a EVM terminal but will work at a terminal that permits a fallback to magnetic strip only processing for customers without chip cards or defective chip cards.

Do EVM Cards help with online fraud?

No. Because the chip is not read during the transaction and a PIN is not required for a CNP transaction. Neither the chip and signature nor the chip and PIN technology guard against online fraud.

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers