💳 Save money on credit card processing with one of our top 5 picks for 2024
WRITTEN & RESEARCHED BY
Expert Contributor
UPDATED
The EMV liability shift is well underway and customers have started dipping those cards. At this point, most small business owners are probably wondering why the heck everybody is talking about chip-and-PIN cards when everybody seems to be using chip-and-signature. What’s the difference between chip-and-PIN and chip-and-signature cards?
Table of Contents
Let’s go over how the whole magstripe/chip thing works again. Magstripes have secret numbers embedded in the little black box on your card. When you swipe it, the machine reads the numbers and sends them over the internet or phone lines to verify that the numbers are correct. Credit card companies have decided to update these cards because with magstripe, it’s easy for less-than-honest people to grab the secret information when the card is scanned or while the numbers are in transmission. Since magstripe numbers never change, fraudsters can wreak a lot of havoc with this information.
On the other hand, chip cards basically have a tiny embedded computer. When you dip the chip, it interacts with the terminal’s computer. First the card will send a secret, encrypted, randomly generated message, to the terminal which is interpreted by the terminal with a secret key, then vice versa. This way the card and the terminal make sure that everything is authentic.
To verify that the person using the card isn’t a thief, the card user has to put in a PIN (which should match the PIN stored in the card or on the banks servers). Or, if the card is chip-and-signature, the person just has to sign their name and the cashier may-or-may-not verify that it matches the one on the back of the card. It’s no wonder one expert said that chip-and-signature cards are the equivalent of “locking the front door and leaving the back one open.”
Alright–that last sentiment is a bit too dramatic if you ask me, but it got your attention, right? Here’s the thing: chip cards make it incredibly difficult for fraudsters to make a fake card because everything is encrypted. The verification method (PINing or signing) determines how difficult it is for a thief to use a legitimate, but stolen, card. For a chip-and-PIN card, the thief has to know the PIN. For a chip-and-signature card, the thief just has to be half-way decent at forging a signature (if the cashier even checks at all). Since fake cards are a much bigger problem in the US than stolen cards, it really isn’t a big problem.
Short answer: it’s a work in progress. There are two big reasons we aren’t going straight to chip-and-PIN. The first reason is, the credit card companies don’t think that consumers can handle that much change. They’re used to swiping and signing, now they need to get used to dipping and signing.
Before you go off on a tirade about how humans aren’t that stupid (I wanted to when I learned this), there’s proof: when card companies in Canada rolled out chip cards, those who sent out chip-and-PIN cards realized that people kept forgetting their PINs. You’d think this would be entirely the consumer’s problem, until you remember that most people have multiple cards, and the card that’s a huge pain is going to be the one that’s used the least. Bad deal for card issuer.
Glad you asked! The good news is, you cannot be held liable if somebody uses a stolen chip-and-signature card with your fancy EMV terminal. Hooray!
The bad news is, you can be liable if somebody uses a stolen chip-and-PIN card at your terminal and you have to fallback to processing it as chip-and-signature. The reasoning is the same as it is for any other EMV-related change: if you had the right technology, theoretically the fraud wouldn’t have happened. Because most cards are going to be chip-and-signature at this point, I wouldn’t worry about this too much. But when the PIN cards start to get more prevalent (which I’m guessing will happen in a few years when ATMs catch up), you might want to think about upgrading your terminal to one that does PINs.
There is a payment process on the rise that bypasses the card altogether, and that’s NFC (near field communication). Customers can connect their cards to virtual wallets like Apple Pay or Android Pay, or connect their bank account directly to applications like CurrentC.
The verification process works much like it does for chipped cards: the phone and terminal send encrypted messages back and forth over short range electromagnetic waves to make sure that everything is legitimate. In the payment application, there will be a verification method like a PIN to ensure the user is correct. The whole thing is all very secure, in theory. It’s also a few years down the road from being widely used.
We’re stuck with regular-old signatures for a while longer, but more secure options are just around the corner. Until then, verify those signatures!
Get in touch with a real human being on the Merchant Maverick team! Send us your questions, comments, reviews, or other feedback. We read every message and will respond if you'd like us to.
Reach OutGet in touch with a real human being on the Merchant Maverick team! Send us your questions, comments, reviews, or other feedback. We read every message and will respond if you'd like us to.
Reach Out
Let us know how well the content on this page solved your problem today. All feedback, positive or negative, helps us to improve the way we help small businesses.
Give Feedback
Want to help shape the future of the Merchant Maverick website? Join our testing and survey community!
By providing feedback on how we can improve, you can earn gift cards and get early access to new features.
Whether you're looking to save money on processing or to get approved for a merchant account, PaymentCloud can help.
Get Started
Help us to improve by providing some feedback on your experience today.
The vendors that appear on this list were chosen by subject matter experts on the basis of product quality, wide usage and availability, and positive reputation.
Merchant Maverick’s ratings are editorial in nature, and are not aggregated from user reviews. Each staff reviewer at Merchant Maverick is a subject matter expert with experience researching, testing, and evaluating small business software and services. The rating of this company or service is based on the author’s expert opinion and analysis of the product, and assessed and seconded by another subject matter expert on staff before publication. Merchant Maverick’s ratings are not influenced by affiliate partnerships.
Our unbiased reviews and content are supported in part by affiliate partnerships, and we adhere to strict guidelines to preserve editorial integrity. The editorial content on this page is not provided by any of the companies mentioned and has not been reviewed, approved or otherwise endorsed by any of these entities. Opinions expressed here are author’s alone.
Whether you're looking to save money on processing or to get approved for a merchant account, PaymentCloud can help.
Get Started
"*" indicates required fields
