EMV security vastly reduces card fraud in the US

EMV chip cards are widely credited for a significant reduction in face-to-face transaction fraud, in all the countries where they’ve been implemented. ​​​​​​​​​​​​​

Thanks to its numerous security features, EMV countries have seen dramatic reductions in fraud from counterfeit cards and stolen cards, leading to overall fraud reduction.

The UK saw overall card fraud reduced by a third after the implementation EMV in 2004.

In Canada debit card fraud losses fell from a high of $142 million in 2009 to $38.5 million in 2012 – a 73% drop.

And when France migrated to EMV in 2005, counterfeit card theft fraud nearly disappeared.

We are already seeing the same results in the US.

According to Visa, as of March 2017, 2.02 million US merchants accept EMV-capable cards, up 98 percent since the previous year. And for those merchants that accept EMV cards, counterfeit fraud losses decreased 58 percent in December 2016 compared to December 2015.

In both their contact and contactless formats, EMV cards and Mobile EMV payments are fortified with the full protection that EMV affords: two-way authentication of the card and POS, cryptographic verification, and the dynamic code that protects each transaction.

So what’s behind the security of an EMV card?

The chip

Why did the developers of EMV specify a smart card chip inside of every card?

For one reason – security. A smart card chip is a small computer (or microprocessor) that has its own data storage, processing power, and application software. Unlike a magnetic stripe card, a chip is extremely difficult to crack.

A smart chip offers greater security because it contains a secure vault that holds unique keys specific to each card. That key protects your transactions.

A unique code for each transaction

EMV cards generate a unique code that is validated by your bank for each transaction, and the code cannot be re-used.

A fake card created with stolen data could not generate the correct unique code – and its transactions would fail.

Advanced cryptography

EMV security is based on strong cryptography, which is used to generate the unique transaction codes. These codes allow the payment terminal to authenticate the card.

EMV cryptography is built on private key infrastructure, meaning that only a chip card that is personalized with the cardholder’s private key during manufacturing can generate a valid transaction.

DDA offers best-in-class security

EMV cards can use either SDA or DDA, which is Static or Dynamic Data Authentication. DDA has become the industry standard because it is much more effective at reducing card fraud. Visa and MasterCard have mandated a migration to DDA on all EMV cards in Europe and Canada, and it is becoming standard in the US, too.

How effective is DDA at preventing cloning? Extremely.

France's financial authority, the Banque de France, has proudly touted that no fraud cloning cases have been reported since France completed its DDA migration program in 2008.

How does DDA work?

DDA authentication is based on public-key cryptography, typically RSA cryptography. Each card contains a unique public and private key pair that is used during authentication.

When prompted by the terminal, the card uses one key to generate a valid cryptographic code that is sent back to the terminal. This code is unique to that transaction and proves that the card is genuine. The terminal uses the second key to validate the code returned by the card.

What does it take to go DDA?

The move from SDA to DDA requires a chip with a cryptographic coprocessor. This type of processor is necessary to perform the cryptographic calculations that allow a DDA card to generate the unique codes necessary for its trademark authentication process. For card personalization, an additional key pair is generated per card, as well as an additional certificate.

Gemalto can lend expertise in DDA implementation

The advantage of working with the market leader is that new customers benefit from the lessons learned from previous migration programs.

Having partnered with many of the world’s leading card issuers, we have gained expertise from the many DDA implementations we have helped to navigate.

Each country has a different approach to its migration program and unique challenges that have brought to light important considerations for your any program.

Subscribe to receive all updates on contactless in the US from Gemalto