Just because your new credit card has an embedded chip, you’re not immune to fraudulent use, the FBI said.
The new cards, which have a gold chip in place known as an EMV chip, may be used by retailers that have upgraded to an EMV terminal. Transactions using the chip “transmit data between the merchant and the issuing bank with a special code that is unique to each individual transaction,” the FBI explains. That means that even if hackers or other thieves steal the data from a particular transaction, they can’t use that information for any other purchases. That’s distinct from the traditional magnetic strip in place on the back of cards, where information remains the same across transactions.
“Although EMV cards provide greater security than traditional magnetic strip cards, an EMV chip does not stop lost and stolen cards from being used in stores, or for online or telephone purchases when the chip is not physically provided to the merchant, referred to as a card-not-present transaction,” the FBI reminded consumers in a public service announcement issued on Tuesday.
“The FBI encourages merchants to handle the EMV card and its data with the same security precautions they use for standard credit cards,” the PSA added. “At a minimum, merchants should use secure servers and payment links for all Internet transactions with credit and debit cards, and information should be encrypted, if possible, to avert hackers from compromising card information provided by consumers.”
According to the Smart Card Alliance, an association that includes credit card companies such as Visa, Mastercard, and American Express, 120 million Americans had already received credit cards with the new EMV chips as of February.
Traditionally, credit card issuers have taken responsibility for fraudulent charges that were made on their customers’ credit cards. However, under a new law that went into effect on Oct. 1, that burden will shift to retailers in the event that they have failed to upgrade their point-of-sale systems.
“Consumers are urged to use the EMV feature of their new card wherever merchants accept it to limit the exposure of their sensitive payment data,” the FBI said.
