{"id":11929,"date":"2016-04-25T09:00:35","date_gmt":"2016-04-25T13:00:35","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=11929"},"modified":"2019-11-15T06:57:33","modified_gmt":"2019-11-15T11:57:33","slug":"us-emv-transition-increases-fraud","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/us-emv-transition-increases-fraud\/11929\/","title":{"rendered":"Transition to chip-and-pin cards increasing fraud in U.S."},"content":{"rendered":"<p>Curios fact: in the United States the transition of merchants to EMV cards (popularly known as chip-and-pin cards), which has the purpose of fighting fraud, is actually <a href=\"http:\/\/gizmodo.com\/chip-enabled-cards-are-actually-increasing-fraud-for-so-1772192950\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">driving fraud losses up<\/a>.<\/p>\n<p>Here\u2019s the thing: despite the fact that the deadline for U.S. merchants to adopt chip-and-pin cards has long passed, there\u2019s still a lot of shops who haven\u2019t switched to the new standard. According to Visa, though the top five big merchants that have adopted EMV saw their fraud levels decrease by 18.3 percent. On the flipside, merchants that haven\u2019t switched over are seeing fraud levels rise by <b>11.4 percent<\/b>.<\/p>\n<p>The reason is that fraudsters are really desperate in an attempt to get their money while the transition is in transition.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Are You Ready for Chip-and-PIN Credit Cards? Hackers Are! <a href=\"https:\/\/t.co\/GLUnTnIfuK\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/GLUnTnIfuK<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/itsecurity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#itsecurity<\/a><\/p>\n<p>\u2014 CBIZ Pivot Point Security (@pivotpointsec) <a href=\"https:\/\/twitter.com\/pivotpointsec\/status\/723572130554777600?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">April 22, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>What is the difference after all?<\/h3>\n<p>The magnetic stripe on your card contains static data in plain text. Since the data is unencrypted, it\u2019s not that difficult to steal it using rather cheap and common hardware, called <a href=\"https:\/\/www.kaspersky.com\/blog\/skimmers-part-one\/7223\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">skimmers<\/a>. And since it is static, once stolen the data can be used to clone your card and to steal your money as a result.<\/p>\n<p>Think of this data as a \u2018password\u2019: a culprit needs to steal it just once, and after that he\u2019s able to login to your account any time he wants.<\/p>\n<p>In contrast, a new shiny chip-and-pin card, as you can guess from its name, contains a built-in chip which does some crypto magic. Instead of static \u2018passwords\u2019 new technology uses dynamic ones securely generated for each payment individually.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Bank?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Bank<\/a> cards: hidden risks. <a href=\"https:\/\/t.co\/6XuStklmOU\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/6XuStklmOU<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/onlinepayments?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#onlinepayments<\/a> <a href=\"http:\/\/t.co\/RiR9nYDd38\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/RiR9nYDd38<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/568214689072746496?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 19, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In reality it is a bit more complex, but to put it simply the core idea is very close to SMS one-time-passwords you use to login to your online-banking, or to your Google and Facebook accounts. Stealing a \u2018password\u2019 used for this or that particular transaction makes no sense at all: it won\u2019t work the next time.<\/p>\n<p>Chip in a card is not just a storage of information, but quite powerful computer which can actually talk to payment terminals and ATMs in order to prove its authenticity. It can\u2019t be cloned. Well, perhaps it can be, as long as nothing is really impossible in the digital world, \u2014 but at least this operation would be way more complex than cloning traditional magnetic stripes.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Quantum plastic: an insight into credit cards of the future: <a href=\"https:\/\/t.co\/Yj7Z4ud1Bm\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Yj7Z4ud1Bm<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/cybercrime?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#cybercrime<\/a> <a href=\"http:\/\/t.co\/DL3Y3E9Ybw\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/DL3Y3E9Ybw<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/563379129975066624?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 5, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>All in all, EMV cards are a whole another ballpark for fraudsters. And that is exactly why they are racing against time currently, while they still have an opportunity to use old good cloned magnetic stripes.<\/p>\n<h3>Why is the transition to EMV so slow?<\/h3>\n<p>There are two reasons for this slow chip-and-pin adoption pace: huge cost and bad planning. Can you imagine how many payment terminals are there in the United States? To complete the transition to the new technology, every last one of them has to be replaced with a new one. You bet it will cost merchants a fortune. And nobody likes to pay if it isn\u2019t completely necessary.<\/p>\n<p>The fact is that until October 1, 2015 it wasn\u2019t. Merchants were not responsible for card fraud, credit card companies covered the losses related to any fraudulent purchases. What has changed after the above mentioned deadline is that now merchants who still don\u2019t accept chip-and-pin cards are themselves responsible for these losses.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">What you need to know about card skimmers at <a href=\"https:\/\/twitter.com\/hashtag\/ATMs?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#ATMs<\/a>: <a href=\"https:\/\/t.co\/Yvzw65SXFT\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Yvzw65SXFT<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/cybercrime?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#cybercrime<\/a> <a href=\"http:\/\/t.co\/X4z4hEl7Mk\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/X4z4hEl7Mk<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/557938395595698176?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Well, and that\u2019s the part where bad planning enters the stage: now there are too many merchants at once who want to switch to EMV. The problem is, buying new equipment is just the first step, the payment systems must be certified in order to start working. And there\u2019re simply too many merchants waiting in line, so the certification process <a href=\"http:\/\/www.nytimes.com\/2016\/03\/23\/business\/chip-card-payment-system-delays-frustrate-retailers.html?_r=0\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">will take considerable time<\/a>.<\/p>\n<p>And fraudsters definitely are going to use this time to make their buck.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Surprise! Transition to chip-and-pin cards is increasing fraud in #USA<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2Fr6Mo&amp;text=+Surprise%21+Transition+to+chip-and-pin+cards+is+increasing+fraud+in+%23USA%3Cbr+%2F%3E%0A+\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<h3>What does this mean for me?<\/h3>\n<p>Using plastic cards was never completely safe, but now it is even more dangerous since it\u2019s clearly an outbreak of card fraud happening right now in U.S. That\u2019s why you should be <a href=\"https:\/\/www.kaspersky.com\/blog\/skimmers-part-two\/7327\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">more cautious<\/a> and follow these tips:<\/p>\n<p>If you still don\u2019t have a chip-and-pin card, ask your bank or credit card company to issue one to you.<\/p>\n<p>Should you use an ATM, choose one located in well-lit and secure areas \u2013 the best choice is ATM inside of a bank. Respectively, avoid using standalone ATMs in secluded areas or in dark alleys.<\/p>\n<p>Instead of signing your card, write ask for ID on the reverse. Should you use a non-EVM machine, this will add an additional layer of security for you and show if the cashier is up on their security.<\/p>\n<p>Keep an eye on your card charges. If your bank provides SMS notifications, enable this option. You can also set up email alerts if offered as well. The sooner you discover the evidence of theft, the easier it will be to get your money back.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The big hunt begins: hackers are eager to make their buck before every merchant in US moves to chip-and-pin cards<\/p>\n","protected":false},"author":421,"featured_media":11931,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1571,1570,1575,1572,1573,1574,1535],"class_list":{"0":"post-11929","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-chip-and-pin","9":"tag-emv","10":"tag-financial-data","11":"tag-magstripe","12":"tag-plastic-cards","13":"tag-transition","14":"tag-usa"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/us-emv-transition-increases-fraud\/11929\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/us-emv-transition-increases-fraud\/7065\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/us-emv-transition-increases-fraud\/7095\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/us-emv-transition-increases-fraud\/7053\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/us-emv-transition-increases-fraud\/8232\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/us-emv-transition-increases-fraud\/8060\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/us-emv-transition-increases-fraud\/5831\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/us-emv-transition-increases-fraud\/7535\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/us-emv-transition-increases-fraud\/11188\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/us-emv-transition-increases-fraud\/11929\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/us-emv-transition-increases-fraud\/11929\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/chip-and-pin\/","name":"chip-and-pin"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11929","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=11929"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11929\/revisions"}],"predecessor-version":[{"id":30281,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/11929\/revisions\/30281"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/11931"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=11929"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=11929"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=11929"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}