How chip security on your ATM card will change the future of payments

By Jackson Okoth

Kenya: During the Christmas season, two major US retailers — Target and Neiman Marcus — had high-profile security breaches that resulted in millions of customers’ credit card numbers being stolen.

The two firms admitted that 110 million customers were affected, or one in three Americans.

Part of the reason this was possible is that the US, for all its technological advances, is still using magnetic stripe credit cards.

The move to migrate to the safer chip and pin cards has been put off for more than 10 years as a result of the sheer size of the US and the billions of dollars it would cost to set up new card readers at all retail establishments. But increasing credit card fraud has lent fresh urgency to efforts to modernise.

.

Keep Reading business

•  NCPB sets in motion plans to compensate farmers for fake fertiliser
•  Governors reject revenue Bill, demand Sh439.5 billion allocation
•  Firm linked to fake fertiliser calls for arrest of Linturi, NCPB boss Premium
•  KPLC to pay Sh500 million for Nakumatt fire tragedy
•  Scented success: Passion for cologne birthed my venture Premium

Estimates put 2020 as the year when chip and pin technology will be adapted in the US.

In Kenya, it will be May 31. After this date, banks will be held responsible for any fraudulent activity associated with non-compliant cards.

Biggest benefit

The new EMV (Europay MasterCard Visa)-enabled plastic cards, which are currently being issued to customers, have cardholder details encrypted in a chip instead of on the traditional magnetic stripe.

“The biggest benefit of the EMV standard is the reduction in card fraud resulting from counterfeit, lost or stolen cards. EMV-compliant cards also provide interoperability with the global payments infrastructure,” said Mr Fidelis Muia, the director of technical services at the Kenya Bankers Association (KBA).

The technology is already widely used in Europe and Asia, and its adoption is growing in Africa, with Kenya, Nigeria, South Africa and Rwanda already on board.

The tiny chip embedded on the new cards works like a small computer.

The computer negotiates with point of sale terminals at a supermarket, restaurant or ATM, and creates a unique number for every transaction, rather than one number that is repeated over and over, improving transaction security.

Fraudulent purchases

EMV-compliant cards carry security credentials that are encoded by the card issuer and are impervious to access by unauthorised parties.

These credentials, or keys, therefore, help prevent card skimming or cloning, which is easy to do with magnetic stripe cards because they contain payment data that does not change. 

In EMV-certified transactions, the card is authenticated as being genuine, the cardholder is verified, and the transaction includes dynamic data and is authorised online or offline, according to issuer-determined risk parameters.

Each of these transaction security features, which are certified by Visa or MasterCard in line with predetermined standards, helps minimise the chances of your card being used to make fraudulent purchases.

There are also going to be some slight changes in the way you use your debit or credit card.

Instead of swiping it, you will now insert it into a card reader, or tap it against one, so that the chip on the card and the reader can establish a secure connection. You will then be required to input a pin.

With the magnetic stripe cards, a fraudster is able to make purchases using your card and authenticate the transaction with a signature; no pin is required.

A phased programme to migrate to the new standard, developed by KBA, has been adopted by all banks, institutions and switches operating in the country. 

Reports indicate that all banks have met the September 2013 deadline of upgrading all ATMs, and the December 2013 deadline for the Point of Sale (POS) terminals.

The tail end of the migration process is issuing EMV cards. Already, 70 per cent of credit and debit cards have been converted to chip and pin technology, and certified EMV-compliant. Customers have been advised to pick the new cards from their banks.

Technology race

“Most banks have completed the certification of their card management systems and have started the card replacement process, with a number notifying their customers about the change. The expectation is that the banks, during the course of this month, will ask customers to visit their branches and exchange their old cards for the new ones,” said Mr Muia.

But while fraud is minimised with chip and pin cards, it is not completely eliminated. There is always a technology race between financial security experts and data thieves, but for now, chip cards are ahead. Still, do not let your guard down.

“Avoid saving your pin in your phone or keeping it in your wallet. Do not give it out to anyone, and this includes relatives and friends. Also, only input your pin when prompted to do so,” said Muia.

He added that if an ATM retains your card, you should not leave the machine without telling the bank what has happened. And do not accept help from a stranger.

“Bank customers should remain vigilant, and should they see anything suspicious at the ATM, we appeal to them to contact their banks directly.”

Be careful no one sees the number you input while shopping or paying for a meal. Even though the pin cannot be used without the card, you would be at risk if the card is stolen.

And if possible, ask your bank to enable SMS alerts so that you are informed each time your card is used. 

To mark ATM Awareness Month, we will run a series of informative articles on the EMV migration.

Email questions or comments to [email protected]