Most credit cards in the U.S. still come with magnetic stripes on the back — reserved for “swipe-and-sign” transactions. However, magstripe cards are easy to clone, making them prone to fraud and abuse. Signatures offer little additional protection, which is why the major credit cards have recently dropped this verification requirement.
In recent years, the payment industry has encouraged customers and businesses to shift from magstripe technology in favor of:
Both are more secure than their legacy magstripe counterparts, but which one offers the most protection from payment fraud?
Let’s take a look.
The Security Benefits of EMV Credit Cards
EMV credit cards come with embedded security chips that are very difficult to clone. As such, the original card must be present when initiating in-store purchases. Instead of “swiping” their plastic at the checkout counter, customers can “dip” their EMV cards into the chip reader.
In most countries, authorizing the purchase requires a personal identification number (PIN) that only the user knows. This chip-and-PIN technology exists in the U.S., but many card issuers also distribute chip-and-signature cards, too.
Even though the credit card companies no longer require signatures as an authorization step, many merchants (and consumers) still expect it. This means someone using a stolen EMV credit card can technically authorize fraudulent purchases using a forged signature.
The Security Benefits of Contactless Credit Cards
Contactless credit cards leverage near field communication (NFC) technology to establish a wireless connection with the cashier’s terminal. Some cards (and readers) require a signature to complete the transaction. However, most contactless purchases use PINs.
The transaction is initiated when the customer “taps” his or her contactless card against the reader, but for a connection to occur:
- The cashier must first ring up the sale
- The card must be within two inches of the terminal
This is pretty secure, but it’s technically possible to hack a reader, ring up a sale, and get really close to someone’s wallet — without the person knowing.
If that card allows for signature authorization, a thief can dip into the customer’s account and rack up fraudulent purchases.
Which Option Is Safer: Contactless Cards or EMV Cards?
Both payment options are safer than magstripe plastic, but they also both possess security limitations:
- Cards that use a signature requirement are easy to abuse if they ever fall into the wrong hands. After all, anyone can forge someone else’s signature.
- The security benefits of EMV cards and contactless plastic don’t matter when shopping online. In fact, all credit cards offer the same protection in the world of e-commerce — even legacy plastic – using the three- or four-digit card verification value (CVV) otherwise known as the code on the back of the card (or on the front of American Express).
There’s one more glaring hole to consider.
Because both types of cards have magstripes on the back, they can still be used to make purchases with legacy readers. A thief could theoretically:
- Steal an EMV chip-enabled credit card
- Tell the cashier that his or her “chip” is broken
- Request that he or she be allowed to “swipe” instead
The transaction will go through. The same is true if that thief starts with a stolen contactless credit card instead.
Yet, contactless payment technology does have one major advantage over EMV credit cards.
Contactless Technology Means You Can Leave the Card at Home
It’s possible to securely “link” credit cards to smartphones or wearable devices — provided they also come with NFC capabilities. This makes it much harder to steal a user’s payment information since:
- The smartphone must be unlocked first
- The correct payment app must be open
- The phone must be very close to the terminal
Payments made through card-connected mobile devices or other wearable technologies benefit from the most fraud protection. Because legacy, contactless, and EMV credit cards can all be linked to NFC-enabled devices, this is the best strategy.
There’s one more consideration, though.
Offer Your Customers Secure Payment Options
Even though card-connected mobile devices offer the greatest protection, some of your customers might still prefer using physical plastic.
Your business could be at risk if you don’t take steps to reduce fraud within your payment environment.
In addition to choosing a PCI-compliant payment processor and upgrading to the latest payment terminals capable of accepting EMV and NFC payments, it’s important that you explore security features such as:
To learn how BluePay’s advanced security solutions can help protect your business, schedule a free consultation with our team today.