Browsing posts in the Nextdoor app recently, a social network for neighborhoods, I saw three posts about people’s credit card numbers stolen by skimmers, devices placed on top of an ATM or gas station card reader that captures card information when you insert and remove your card.
These stories are not all that common in my hometown, but skimmers are widely used for theft around the world. In the United States, credit card fraud and identity theft cost consumers like us $16 billion in 2016. With more than 15 million individuals impacted by fraud in 2016, it is important to know what technologies are more secure and how you can avoid credit card fraud.
Why swiping isn’t secure and EMV chips don’t do much more
The little black magnetic strip on the back of your credit card was a massively disruptive technology when it came to the public in the 1970s. That took credit cards from the era of physical imprints to magnetically encoded data that could be verified via a phone connection.
Magnetic strips are so powerful and so cheap that they are used everywhere. From the back of your driver’s license to your hotel room key, those black magnetic stripes of encoded data are versatile and useful for many purposes, including swiping a credit or debit card at an ATM or point of sale to make a purchase.
But the very reason those magnetic strips are easy to use in stores makes them susceptible to theft. A devious restaurant server might swipe your card through a pocket-sized device to steal your information, or it can be skimmed using a device attached to an ATM, gas station pump, or other kiosk.
EMV chips, those little security chips that started showing up on cards in the United States over the last few years, was founded in Europe in the 1980s as a method to lower card fraud. In Europe, credit card transactions generally require a chip and PIN combination. The chip processing terminal uses a unique code to verify the card and the transaction must be authorized by a PIN similar to a debit card PIN transaction in the United States. If the unique code and PIN are both correct, the transaction is approved. If not, it is denied.