Tuesday’s Tip: How does Chip on Card / EMV effect eCommerce?

 

With the October 15th deadline for EMV cards rapidly approaching.  You’ve probably noticed some of your favourite retailers have gotten new credit card terminals.  For those of us that depend upon credit cards as a form of payment, this has raised some questions about the future of how we accept credit cards.  First off, the october 15th deadline isn’t a law, it isn’t a day where all magnetic stripe cards will stop working, it isn’t even that terrible if you aren’t ready for it.  On October 15th, if you are a brick and mortar store, and you don’t yet accept EMV cards, if you accept a fraudulent credit card, you have to pay for it, the bank won’t reimburse you.  chip-card-square-header

This all stems back from the big data breaches we’ve seen in the last few years.  Magnetic stripe cards are insanely easy to read and duplicate.  You can buy everything you need from Amazon for less then $200.  This wasn’t a huge deal because credit card numbers are encrypted on the terminal before being sent to the bank for verification.  The target data breach was a new class of cyber attack.  Criminals injected new code into the credit card terminal itself so that they could grab a copy of the card number before it was encrypted.  To prevent this from happening again, card readers are now built with the encryption built right into what is called the “Read Head” this is the magic thing that turns the magnetic data into ones and zeros the credit card terminal can understand.  The card data stays encrypted all the way to the bank.

But, since credit card skimmers are still a problem, as a country we’re switching to EMV.  It’s worthwhile to note that most of the rest of the world has been using EMV instead of magnetic stripes for a long time.  Jordan (the other Novak here) even told me that when he was in Mexico, some merchants had no idea how to use his normal american credit card because it didn’t have a chip in it.

Nordea_e-kodSo, how does this effect those of us who take credit cards online?  The great news is.  It doesn’t…  At-least not much.  Some people believe that online fraud may surge since thieves won’t be able to make fraudulent credit cards any-more.  I’m a little sceptical that this will effect niche markets, and information marketers as much as big-box retailers that sell things that can be converted to cash at WalMart or other brick and mortar stores (like DVDs, CDs, clothing, etc…).

There are a few ways to process transactions using EMV online.  But they require each consumer to have a special machine that looks like a calculator that they put the card into, type in a number provided by the online site, and then read a number off the device back to the website.  The problem with this, and the reason banks haven’t started shipping these calculator things is that each bank has a slightly different way of doing things, so there isn’t a Standard yet.

My conclusion…  Unless you are selling generic goods that can be converted to cash, or easily re-sold.  I wouldn’t worry.  We’re not worried.

Leave a Reply