Chip and Pin – Why Bother?

Credit Card picture with embedded chip

If you work in retail or use a credit card, you have come across the latest technology: chip and pin.  In the U.S. this is a newer and less prevalent technology than it is in the rest of the world.  However, that does not diminish its importance.

The more technical name for this technology is EMV (a shortened version of the card schemas: Europay, MasterCard, and Visa) but you can find usually find both phrases used in discussions about it.  You may wonder what good it is and why it matters.  If you are a company that accepts credit cards, this is a technology crucial to your future.  The sooner you embrace it, the better.

 

Chip and pin cards are more secure than traditional card swipe solutions.  This is due to more built-in validation and verification.  Without getting too technical, the big difference is that traditional cards use only a card number and expiration date in a transaction.  The chip contains much more information that can be used to make it that much harder for hackers to fake a transaction.

This increased security comes at a cost.  However, the major financial institutions are putting pressure on merchants to accept these more secure cards anyway.  These institutions often pay for fraudulent transactions.  Thus, a reduction in fraud is a quick way to improve the bottom line.

You may have noticed as a user that signatures are not needed for a chip card transaction.  Instead of a signature, a pin is used.  This is one of the ways this sort of transaction is more secure.  How often have you seen a store clerk validate your signature?  This is an easy “security” feature to circumvent as the bar is pretty low for a forged signature.  When a pin is required then there must have been either a willing share of that pin or somehow the fraudster found a way to steal the number.

In October 2015 a change was made to the liability agreements of major card issuers.  Due to that change, a merchant can now be liable for fraudulent transactions using a magnetic card reader.  As an incentive to change they will continue to be protected from fraudulent transactions if they use a chip and pin transaction.

There is a much more complicated series of steps that have to be taken to process a chip transaction and these make it much less likely that fraud will occur. This not only saves a company from the liability of fraudulent charges, it also limits access to key account information.  A vendor will thus have less information they never wanted to know.

Moving to electronic transactions saved companies from having to tear up the paper used to make a credit card impression.  Similarly, the chip cards remove the need for an account number to ever be known by a merchant.  This is an example of what you don’t know can’t hurt you.

 

The challenge in using chip and pin in the U.S. is twofold.  One issue is that there are not a large number of technical resources available with the experience to adapt the old systems to the new technology.  Like all new technology issues, the “newness” limits the pool of those that have “done it before.”  The other issue is that the integration with magnetic readers is questionable.  The integration with a scanner was built far enough in the past that there is no longer a large number of resources current in the technology.  It is hard to find resources that have done the core work required to integrate software with hardware like a card reader.

One of the things to look for when moving to chip and pin is a solution provider that can understand the complexity of processing transactions.  In the past, it was a matter of getting an account number and expiration from a reader.  No further data was needed.  Chip transactions follow a much more complicated flow.  For example, these steps are often a part of the transaction.

  • Card Detection
  • Find supported applications
  • Select Application
  • Read Application Data
  • Authenticate Data
  • Verify Cardholder
  • Processing Restrictions
  • Terminal Risk Management
  • Decide on terminal action
  • Decide on card action
  • Online/Offline Decision
  • Online Processing
  • Analyze Results
  • Complete Transaction

As you can see, the chip transactions are new to many providers on the hardware side.  However, there are also a much more complicated series of business transactions to be performed.  This situation often makes pure technical providers struggle to solve this problem.  They lack the business knowledge needed for it to be solved correctly.

 

The two main problems that need to be solved in building a reliable chip and pin system are: integrate with the hardware and the ability to create complex transactions.  Integrating with the hardware varies in complexity.  Unfortunately, there are many situations where a good library has not yet been built.  This means the solution relies on developers that can build their own.

You may not find developers that have specific experience in this technology.  Luckily you can find related experience in developers that have worked with card readers of various sorts in the past.  In particular, good resources have created a custom solution (work beyond using a library).

There are options for finding resources that have solved complex transactions as well.  There are a lot of similarities in health care where a transaction often includes several steps.  These steps include determining the transaction type, payer information, and validation/verification, among others.  Therefore, resources with healthcare experience are a great option for chip and pin projects.

Look for resources that have both of these types of experiences in their background.  Then you can be confident there is not going to be much they will see in a chip and pin project that they have not seen before.

In any case, chip and pin technology is the way transactions are moving.  Thus, even in the U.S., the sooner you embrace this technology, the more advantage you will have over competitors that drag their feet.  We recognize this challenge and would love to help you overcome it.

 

Learn More

Although you can find a lot of good articles with a Google search of “chip and pin”, this is a great summary article to get you started.

Leave a Reply