The magnetic stripe cards were very vulnerable to fraud and skimming.
Skimming is the process by which information on the credit card is stolen during an otherwise legitimate transaction like swiping at the fuel stations, restaurants, etc. These are done by using a small device called the Skimmer. The data skimming devices could be attached to the Electronic Data Capture (EDC) machines or could even be carried in the hands of waiters or store employees.
This device could pull in sensitive information on the card, which could then be fraudulently used for transactions using the credit/debit card details.
This was possible as the customer data was stored in a static form on the magnetic stripe. The data stolen could easily be used elsewhere. The information so derived could also be used for cloning these cards. Cloning is a process where the original information of the holder is embedded on a different card and used by the imposter.
The only way a credit/debit card holder would know of these transactions is if they were aware and kept a close watch over the SMS/email alerts on the transactions.
As per RBI data, there were around 23,000 incidents of credit card frauds during the period Apr-Dec 2017. These numbers also included incidences of phishing, using fake apps/websites, information theft over phone/email, etc.
As the number of incidents increased, the financial sector moved on to EMV cards.
What Are EMV Cards?
Cards that use the EMV chip technology are called EMV Cards. This technology is named after their developers (Europay, MasterCard®, and Visa®). The technology uses embedded microchip processors in cards/mobile phones that store and protect customer data.
How Do EMV Cards Work?
The microchips in the EMV cards store customer data in a dynamic form contrary the static form in a magnetic stripe card. The static form of data left the magnetic stripe cards prone to fraud and skimming, whereas in cards using EMV technology, the communication between the card and the Point of Sale/EDC machine is never constant due to the data stored in dynamic form.
Chip (EMV) technology is effective in combating counterfeit fraud with its dynamic authentication capabilities (dynamic values existing within the chip itself that, when verified by the point-of-sale device, ensure the authenticity of the card). Each time the EMV card is used, the chip identifies that transaction by a unique transaction code which is valid for one-time use only. Even if someone stole the chip information and used the same transaction number again, the card would not be accepted.
The current usage of Chip and Pin (Pin number to be entered in addition to card dip to authenticate) is a is a step ahead in ensuring further protection to the consumer against fraud and skimming.
Adoption of Appropriate Technology by Merchants/Point of Sales
An important feature of the transactions with EMV Chip Cards is that the merchants/Point of Sale points are also equipped with the technology required to read these cards.
EMV cards can be also swiped at POS which does not have the required technology to conduct chip-enabled transactions, but then the transaction loses its chip security. However, it will make it still difficult for someone to steal information. More so, with the requirement of PIN, it may make it impossible for a fraudster to make a purchase.
Of course, the protection will be lost if the card is physically stolen and the fraudster has also managed to get hold of your PIN. According to Worldwide EMV® Deployment Statistics, as of Q4 of 2017 worldwide about 63.7% of the transactions were EMV. In India, the RBI has given a deadline of December 2018 to replace magnetic stripes on all debit and credit cards by EMV Chip and Pin cards.
If you are still stuck with a magnetic stripe card, it is high time that you contact your bank and get it exchanged for an EMV chip card as magnetic swipe cards will no longer be valid for any payment transactions after 01 Jan 2019.
Contactless or Near Field Communication Cards
In addition to the EMV Chip, the cards being issued these days are enabled for Contactless Payments. You would have noticed a wifi kind of symbol on your recently issued cards which shows that these cards are enabled for contactless payments.
What are Contactless Payments?
In a contactless payment process, your card need not leave your wallet. You can complete your payment process by tapping the card/just waving your card on the appropriate point on the POS. The needed information stored on your card communicates with the point of sale through NFC.
Your NFC card comes fitted with an antenna, which transmits data in an encrypted state to the POS. An added digital signature makes it all the more secure. Experts say that it is difficult to intercept theses NFC waves and steal information as you need to be a merchant to have that kind of technology that can read the waves and extract information out of it.
For transactions less than Rs 2000, the RBI has done away with the requirement of 2nd-factor authenticity verification in the form of the PIN.
However, the adoption of Contactless Payments in India has been quite low as the awareness of the payment system is quite low. However, over the next 2-3 years, a lot more people are projected to make use of the technology, with the government also actively pushing for the adoption of contactless pay.
No matter what card you use, no technology can be 100% foolproof. It is imperative that an individual handles their card with utmost responsibility and takes basic precautions, like not falling prey to unscrupulous calls and emails, making payments on unsecured websites, giving away the PIN, withdrawing cash on ATMs which do not appear secure, etc.