Categories
Credit Card Processing Security

EMV and Counterfeit Cards

You have heard all the talk about the “Liability Shift” – well the October 1, 2015 deadline has past and the world has not come to an end.  As you are aware the new credit and debit cards that are being issued have a microchip embedded on the front of each card. The purpose of the microchip is to make it harder for criminals to use your debit/credit card fraudulently and is designed to meet the EMV standard. Now we all know that there will always be criminals and having this new technology is not going to prevent other forms of card fraud.

EMV- which stands for Europay, Mastercard, and Visa – is the global standard for smart cards.  Europay, Mastercard, and Visa were the original payment brands that came together to create the standard. The standard has since been regulated by American Express, Discover, JCB, MasterCard, UnionPay, and Visa and is now known as EMVCo.

Four things should be noted about the liability shift:

  1. The arrival of October 1 does not mean that all debit/credit cards need to be EMV, it means that merchants need to be ready to accept chip-enabled cards by that date if they do not want to be affected by the new fraud liability rules.
  2. Upgrading POS systems to accept chip cards is not legally mandated- it is an optional measure to protect your business from fraud liability.
  3. Even if you have an updated EMV-compliant POS machine, if you run a counterfeit chip card via the magnetic strip reader instead of the chip reader, you will be liable for the fraud.
  4. Even if the counterfeit card swiped at a traditional POS machine is in the form of a traditional card, you will be liable for fraud if the data on the counterfeit card was obtained from a legitimate chip card.

What is a Counterfeit Card?

Counterfeit credit cards are fakes that have real account information stolen from victims. Often, the victims still have their real cards, so they don’t know a crime has occurred. The cards appear legitimate, with issuers’ logos and encoded magnetic strips. To create a counterfeit card, criminals go into any local supermarket and grab prepaid debit cards you normally buy as gifts. Honest people go to the counter check out and activate the card by loading a dollar amount onto the card.  For criminals however, they are just shells – they want them to look like a real credit card and don’t care about the numbers embossed on the front or anything printed on the card such as: “A Gift For You”.  All they want is a card that looks like the real thing and has a mag stripe so they can load stolen data onto the back of this card and use it at another store.  Now the cashier that gets that card will think it’s just another one of the dozens of cards they accept each day and will just swipe away!  A counterfeit card created, sold on the street and used to buy goods and services is as easy as 1-2-3!  Scary, I know.

There are things that merchants can and should do even without EMV-enabled equipment to protect themselves.  By setting your current credit card terminal or POS system to prompt for the the last 4 digits of the card number on the front of the card and using the CVV/CID from the back or front (American Express) of the card are great tools to prevent fraud!  Why?  It really is quite simple – when card data is stolen and encoded onto a “shell” the information will not match.  For example:  The last four digits of your card are 6848 however the stolen data that was encoded on the “shell” end with 1298.  Unless it is a very sophisticated criminal group, most counterfeit credit cards are crudely encoded and are designed to just “get the job done” rather than impress.

Skip to content