Originally, point-of-sale terminals read credit card information off of the magnetic strip customers would swipe through them. The customer’s identity could then be verified with a signature, an ID, or a ZIP code. Of course, these safeguards were easy to defeat if you had a stolen card. Signatures and IDs can be forged, and a cardholder’s ZIP code is often easy to guess.
All credit cards now have an EMV chip. The presence of the chip verifies the authenticity of the card and can allow for customers to use encrypted PINs to authorize transactions. It’s much more difficult to steal credit card information from EMV chips, and fraudsters can’t create cloned cards with valid or functional EMV chips. By requiring customers to use EMV chip-verified transactions at the point of sale, we can screen out many of the more commonplace forms of credit card fraud.
Unfortunately, most terminals are set up to allow for transactions to still be processed off of the magnetic strip to accommodate older cards without chips, or cards with malfunctioning chips. This is the loophole that fraudsters are now trying to exploit.
In this new scam, the perpetrator takes a credit card and installs a fake EMV chip in it. When they make a purchase at a retail establishment, they insert the card in the chip reader, which will report an error because the chip cannot be read. Then, they will tell the sales clerk that they’re having problems with the EMV chip on their card and ask if they can complete the transaction by swiping the magnetic strip.
If the clerk says yes, the fraudster can swipe the card and completely bypass the EMV verification.
In this way, a criminal can make a purchase on a stolen or cloned credit card without the EMV chip stopping them. But there’s another layer to this scheme: if the fraudster owns the credit card or has access to the full account credentials, they can call the issuing bank, report the transaction that they just made as fraudulent, and get the funds returned to them.
There was a recent case where a cardholder made a high-value purchase at a jewelry store, complained that the chip reader wasn’t working, and was allowed to swipe their card. A few days later, they filed and were granted a chargeback on the purchase. They walked away with both the jewelry and their money, and the store took a big hit.
The major card networks have established clear rules around EMV chips in order to encourage their use. If a merchant allows a customer with an EMV-enabled card to make a purchase by swiping the card instead of inserting it in the EMV-enabled terminal, then any chargebacks filed against that transaction will automatically be found in the cardholder’s favor.
The best way for merchants to prevent this new scam is to be very consistent about only running point-of-sale transactions via EMV chip insertion. Allowing customers to swipe EMV-fitted cards exposes merchants to too much liability and risk, given that they’ll have no standing to dispute any chargebacks filed against those transactions. While it is possible to lose sales and alienate some customers by refusing to allow them to swipe their cards when the EMV reader returns an error, most customers should be understanding. They know that EMV chips protect them, too, and they will typically have another card or some other payment method available.
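One way to audit this policy after the fact, as an added example that is not part of the original article: the script below reviews point-of-sale records and flags every swipe of a card whose magnetic-stripe service code marks it as chip-equipped (a first digit of 2 or 6 under ISO/IEC 7813). The record fields (`txn_id`, `entry_mode`, `chip_error`, `track2`) are a hypothetical schema, and the sample records and card data are constructed.

```python
import re

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM + 3-digit service code + discretionary data?
TRACK2 = re.compile(r"^;(\d{12,19})=(\d{4})(\d{3})\d*\?$")


def is_chip_card(track2: str) -> bool:
    """True when the service code's first digit (2 or 6) says the card has a chip."""
    m = TRACK2.match(track2)
    if not m:
        raise ValueError("unparseable track 2 data")
    return m.group(3)[0] in "26"


def review_transactions(records):
    """Return (txn_id, reason) for each swipe that should have been refused."""
    findings = []
    for r in records:
        if r["entry_mode"] != "swipe":
            continue  # chip-read transactions are what the policy wants
        if not is_chip_card(r["track2"]):
            continue  # card has no chip, so swiping is the only option
        if r["chip_error"]:
            reason = "fallback after chip read error"
        else:
            reason = "chip card swiped without chip attempt"
        findings.append((r["txn_id"], reason))
    return findings


# Constructed sample records (hypothetical schema, test card number).
CHIP_TRACK2 = ";4111111111111111=30122010000000000?"      # service code 201
NO_CHIP_TRACK2 = ";4111111111111111=30121010000000000?"   # service code 101
SAMPLE = [
    {"txn_id": "T1", "entry_mode": "chip", "chip_error": False, "track2": None},
    {"txn_id": "T2", "entry_mode": "swipe", "chip_error": True, "track2": CHIP_TRACK2},
    {"txn_id": "T3", "entry_mode": "swipe", "chip_error": False, "track2": NO_CHIP_TRACK2},
    {"txn_id": "T4", "entry_mode": "swipe", "chip_error": False, "track2": CHIP_TRACK2},
]

if __name__ == "__main__":
    for txn_id, reason in review_transactions(SAMPLE):
        print(f"{txn_id}: {reason}")
```

T2 is the pattern described above, a chip read error followed by a swipe of a chip card; T4 is a chip card that was swiped without the chip being tried at all.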
We need to protect ourselves and our customers by no longer allowing magnetic strip transactions.