language
What are EMV cards? The search for security systems for credit and debit cards has been a constant in recent decades. The EMV system is another part of the evolution of card security, in this case, based on the incorporation of the chip in the card, something already common and widespread nowadays.
Technological progress surprises us every day. And companies are continually seeking to optimize their services. The EMV system (Europay MasterCard VISA), which bears the name of the three companies that have developed the project, consists of a chip card (IC) that authenticates credit and debit card payments.
The advantages of this card is the search for greater security in the transactions between cards and terminals, since the EMV card validates the operations thanks to the information stored in its chip.
It should be clarified that EMV is a new standard for means of payment (both credit and debit) defined by Mastercard and Visa, which is mainly characterized by being based on chip technology. Unlike the magnetic stripe, this chip is an active security element, since it is the card itself that prevents tampering and guarantees its authenticity.
Therefore, fraud actions are reduced, which with magnetic stripe credit cards (although it is a little slower due to the amount of cryptographic calculations) occur daily, and it is also possible to have greater control in the approval of offline payments.
In this way, when we insert the chip card into the terminal, it is authenticated and allows terminals compatible with the EMV standard to check the validity of the card. In addition, this type of EMV technology offers the possibility of verifying that the user is really the holder of the card being used.
And as if that were not enough, it evaluates the risk based on parameters that the issuer has entered in the chip, as well as those of the card issuing company that the distributor or terminal supplier has entered on behalf of this entity. In this way, this technology brings greater security to transactions because it processes the purchase by means of the chip, which cannot be cloned, as is the case with the magnetic stripe, and requires the cardholder to type in his password. Clearly, increasing the security levels of our cards is a basic element for better control of personal transactions.
This new global trend has already led to the mass use of the EMV system, although magnetic stripe cards will continue to be used. In addition, it should be noted that these cards incorporate the chip but still have a magnetic stripe, so they are accepted in all stores and ATMs worldwide.
So much so that the Eurosystem decided that all cards issued since 2012 will have to have this EMV or chip security system, which means that all plastic cards will become chip-only cards, leaving the magnetic stripe behind forever.
It should also be noted that this chip is mandatory throughout Europe from 2011.
As time is showing, this is not a replacement system, in fact, the bulk of these smart cards are being combined with the use of the magnetic stripe.
It is worth reviewing the evolution of cards from the implementation of the magnetic stripe to this new step taken a few years ago.
First of all, we must bear in mind that the magnetic stripe is a technology that has been incorporated into credit cards for almost four decades. Starting from a rudimentary operation in which these magnetic strips stored data on a plastic strip and sitting on the card with an iron oxide coating (which generated the data on reading), although it has evolved in terms of materials and technological application, it has not evolved excessively as a concept.
This fact means that, logically, almost four decades of similar technology has generated by fraudulent uses, a real collection of options for cloning cards, stealing card data or simply making fraudulent use of a card.
In the search for alternative solutions in combination with the magnetic stripe, the EMV system appears.
Obviously, on paper, the main advantage of this system lies in the fact that it increases security.
Unlike the magnetic stripe, which stores data on the card itself, the use of an embedded chip became increasingly popular in the last years of the last century when it became clear that this technology guaranteed higher levels of security.
The fact that the information stored in the chips, and the need for a response from the devices used to generate the card authorization, made this use of a small microprocessor incorporated into the cards more effective, and in fact, little by little, in many countries it has been displacing the traditional card reader systems, which, although they still exist, are a kind of device in disuse for the future.
Replicating this type of card is much more complex than cloning an exclusive use card with a magnetic stripe. For this reason alone the security levels are already much higher, and, to this we must add the fact of the different operating models, remembering that the cards not only have their own smart chip but also have added levels of security starting with the personal identification numbers themselves that are not removed (another different issue is the subject of contact less payments).
The main problem lies in a universal fact: there is no total guaranteed protection for our cards in any case.
It is in the combination of security elements of the cards, the devices, and in the proper use of the cards by the user that we will find elements to minimize the risks, but these will still exist.
Evidently, displacing the risk of mechanical duplication inherent to magnetic stripe cards is already an achievement, but, this technology still has vulnerabilities such as malware attacks aimed at obtaining data that are not mitigated by the use of these cards since we must remember that not all transactions that we can perform require the physical presence of the card, that is, by simply using malicious software to capture data (something to which our cards are vulnerable) or by using such software to obtain personal data such as the card’s private access number, the criminal can fraudulently use our cards.
It is very important to take this into account because, if indeed these chip cards are very effective in face-to-face use, nowadays a great majority of card frauds are committed precisely in operations or actions in which the card is not present and only the data is used.
If there is one thing we have learned over the last 20 years about card vulnerabilities, it is the need to constantly evolve protection systems.
Keeping a technology unchanged for a long time means exposing the risks of vulnerabilities exponentially. In the future, payment models, which seem to be evolving more and more towards the non-physical use of cards, will be accompanied by security and barrier systems between the cards (chips) and the payment devices, with an ever-increasing search for efficiency in both areas.
On the other hand, we have also been contemplating over time the evolution in the use of cards from a practical point of view, with experiences of all kinds including, for example, those that seek to increase the presence of the user in transactions through, for example, logging into bank accounts associated with the card, as an added element of protection, something already in practice in some countries around the world in a quick and simple way, and above all adding even more levels of guarantee and security.
