Credit Cards Blog

Finance Blogs » Credit Cards Blog » Target breach: A case for EMV

Target breach: A case for EMV

By Janna Herron ·
Thursday, December 26, 2013
Posted: 2 pm ET

While hackers could have stolen account information from the more secure EMV chip cards in a Target-like card breach, the data would have been worthless.

The breach, which compromised 40 million debit and credit cards, highlights how easy it is to clone magnetic-stripe cards used mostly in the U.S. versus the more technologically advanced cards being widely adopted as the standard worldwide.

On traditional mag-stripe cards, the card account information and security code are encrypted and stored on the magnetic stripe. Hackers pick up this encrypted information, decode it and use the information to create counterfeit cards.

EMV chip cards contain a microprocessor chip that produces a different security code each time it's used. Hackers could pick up this code along with the card account information, but the code wouldn't authorize a transaction because it would have already been used.

"There would be no incentive for criminals to do this," says Randy Vanderhoof, director of the EMV Migration Forum, a cross-industry association of companies helping to transition the U.S. payment landscape from mag-stripe to chip cards.

Even with this protection, EMV isn't foolproof. Chip cards are still vulnerable to online fraud, where the card isn't present. And fraudsters will go wherever it's easiest to commit card fraud. After France adopted EMV cards, fraud involving counterfeit cards dropped. But online card fraud quadrupled.

This year, the U.K., which has adopted chip cards with personal identification numbers for even better security, saw a rise in "low-tech" deception fraud. In this type of fraud, consumers part with their cards or give away account information by email or over the phone. Still, overall, U.K. card fraud is way down from its peak in 2008.

The U.S. will experience its own transition as EMV cards become the card du jour here. Visa, MasterCard, Discover and American Express have told retailers that they must be able to process chip cards by 2015. Gas stations have until 2017. The steps to make that happen are underway.

Banks are slowly offering EMV chip versions of their own credit cards. Right now, most of the cards are for business travelers or globetrotters to make it easier to purchase abroad. Come 2015, a breach like the one at Target this month will be a relic of the past.

Follow me on Twitter: @JannaHerron.

Bankrate wants to hear from you and encourages comments. We ask that you stay on topic, respect other people's opinions, and avoid profanity, offensive statements, and illegal content. Please keep in mind that we reserve the right to (but are not obligated to) edit or delete your comments. Please avoid posting private or confidential information, and also keep in mind that anything you post may be disclosed, published, transmitted or reused.

By submitting a post, you agree to be bound by Bankrate's terms of use. Please refer to Bankrate's privacy policy for more information regarding Bankrate's privacy practices.