Smart Spending

Why Apple Pay and Android Pay are More Secure Than Swiping

Written by Eric Rosenberg

Browsing posts recently in Nextdoor, a social network for neighborhoods, I saw three posts about people’s credit card numbers being stolen by skimmers, devices placed on top of an ATM or gas station card reader that capture card information when you insert and remove your card.

These stories are not all that common in my hometown, but skimmers are widely used for theft around the world. In the United States, credit card fraud and identity theft cost consumers like us $16 billion in 2016. With more than 15 million individuals impacted by fraud in 2016, it is important to know what technologies are more secure and how you can avoid credit card fraud.

Why swiping isn’t secure and EMV chips don’t do much more

The little black magnetic strip on the back of your credit card was a massively disruptive technology when it came to the public in the 1970s. That took credit cards from the era of physical imprints to magnetically encoded data that could be verified via a phone connection.

Magnetic strips are so powerful and so cheap that they are used everywhere. From the back of your driver’s license to your hotel room key, those black magnetic stripes of encoded data are versatile and useful for many purposes, including swiping a credit or debit card at an ATM or point of sale to make a purchase.

But the very reason those magnetic strips are easy to use in stores makes them susceptible to theft. A devious restaurant server might swipe your card through a pocket-sized device to steal your information, or it can be skimmed using a device attached to an ATM, gas station pump, or other kiosk.

EMV chips, those little security chips that started showing up on cards in the United States over the last few years, were developed in Europe in the 1980s as a method to lower card fraud. In Europe, credit card transactions generally require a chip and PIN combination. The chip processing terminal uses a unique code to verify the card, and the transaction must be authorized by a PIN, similar to a debit card PIN transaction in the United States. If the unique code and PIN are both correct, the transaction is approved. If not, it is denied.

In the United States, we opted for a worse solution, chip and signature. While we had a great opportunity to enforce chip and PIN, we went with the less secure option. While an EMV chip may prevent your card from being used at a physical location for a fraudulent transaction, a skimmer can pick up everything needed to steal your card information for use online. Because of this, the transition to EMV chips does a little bit to decrease fraud, but not nearly on the scale that was possible.

What are Apple Pay and Android Pay?

While many Americans were wondering about the new security chips on their credit cards, Apple and Google released two popular payment platforms of their own, Apple Pay and Android Pay.

Apple Pay, Android Pay, and similar products released by Samsung and other competitors use a technology called “tokenization” to securely process transactions. In a transaction with these technologies, you never need to pull your credit or debit card out of your pocket or wallet. You just tap your phone on a participating terminal and it takes care of the rest.

Unlike a magnetic strip transaction that sends your card data to other networks, EMV chips send a unique code making the transaction a bit more secure. But when you use a tokenized transaction, a completely unique one-time code is used that doesn’t include any of your card’s information in any way that criminals can capture and use. If everyone had used Apple Pay and Android Pay, the massive breaches at Target and Home Depot would not have been nearly as successful.

In a tokenized transaction, the unique code is generated between the terminal and card processor. Even if a bad guy were to steal that code, it would be worthless, as it is only valid for one transaction.
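The one-time code idea above, as an added example that is not part of the original article and not Apple's, Google's or any card network's actual code. It is a simplified model: an HMAC stands in for the real payment cryptogram, the code is computed on the phone, and `TokenService`, `Phone` and `cryptogram` are hypothetical names.

```python
import hashlib
import hmac
import secrets

def cryptogram(key, token, counter, amount_cents):
    # One-time code bound to this token, this counter value and this amount.
    msg = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TokenService:  # toy stand-in for the processor's token vault (hypothetical)
    def __init__(self):
        self._vault = {}  # token -> card number, key, last counter seen

    def provision(self, pan):
        # The phone gets a random token and a secret key, never the card number.
        token, key = "T" + secrets.token_hex(8), secrets.token_bytes(32)
        self._vault[token] = {"pan": pan, "key": key, "last_counter": 0}
        return token, key

    def authorize(self, p):
        entry = self._vault.get(p["token"])
        if entry is None:
            return "DECLINED: unknown token"
        expected = cryptogram(entry["key"], p["token"], p["counter"], p["amount_cents"])
        if not hmac.compare_digest(expected, p["cryptogram"]):
            return "DECLINED: bad cryptogram"
        if p["counter"] <= entry["last_counter"]:
            return "DECLINED: code already used"
        entry["last_counter"] = p["counter"]
        return "APPROVED"

class Phone:
    def __init__(self, token, key):
        self.token, self._key, self._counter = token, key, 0

    def tap(self, amount_cents):
        self._counter += 1  # a fresh counter makes every tap's code different
        code = cryptogram(self._key, self.token, self._counter, amount_cents)
        return {"token": self.token, "counter": self._counter,
                "amount_cents": amount_cents, "cryptogram": code}

def demo():
    service = TokenService()
    pan = "4111111111111111"  # constructed test number, not a real card
    phone = Phone(*service.provision(pan))
    seen = phone.tap(1250)              # everything the terminal receives
    first = service.authorize(seen)     # the genuine purchase
    replay = service.authorize(seen)    # identical payload sent a second time
    changed = service.authorize({**seen, "counter": 2, "amount_cents": 99999})
    return pan in str(seen), first, replay, changed
```

`demo()` shows that the payload the terminal sees never contains the card number, that the same payload is declined when submitted again, and that changing the amount or counter invalidates the code.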

As long as your phone is physically secure, your software and apps are up-to-date, and you use secure, strong passwords, tokenized payments through your phone are much, much more secure than any card based transaction.

Getting started with tokenized payments

Not all merchants are upgraded to take smart chip transactions, let alone tokenized payments, but they are growing in popularity. Large convenience store, drug store, and other chains are leading the charge to accept payments from a digital wallet. About a third of merchants currently accept mobile wallet payments, according to a J.P. Morgan survey.

Starting with digital wallets is easy. Just open the Apple Pay, Android Pay, Samsung Pay, Chase Pay, or other mobile wallet app. If you don’t have it already, you can install it for free from your phone’s app store. Choose your app based on your phone and supported bank options. Not all banks currently support digital wallet payments.

I have an Android phone, and adding cards to Android Pay is simple. I can even take a picture of the card and my phone will automatically fill in the account number and expiration date so I don’t have to type. Add in any cards you want and set a default card for payments.

Making payments at the store is just as easy. Mobile payments use a technology called NFC, or near field communication, to send the payment data to a waiting terminal. Just hold your phone by the terminal when NFC is turned on and the payment will just work. If NFC is not turned on or you want to use a different card, just open your app and choose the card you want before tapping.

Some security experts worry about mobile payment security, but that is tied more to the security of your phone than the actual payment. Using strong passwords and keeping your phone updated is vital to keep your digital wallet secure.

Go forth and tap

As of the start of the year, estimates are that under 20 percent of Americans had tried a mobile payment, but those numbers increase each month as new merchants accept mobile payments and our phones become even more pervasive in our daily lives. They won’t protect you from hacks like the one that happened at Equifax, but they do plug one security hole in our digital lives.

But if you are worried about your card data security, moving to mobile payments is sure to up your payment safety. Before you know it, you’ll be more used to the beep than the swipe. When that happens, you know you’re on the right track.

About the author

Eric Rosenberg

Eric Rosenberg is a finance, travel, and technology writer originally from Denver, Colorado, living in Ventura, California. When away from the keyboard, Eric enjoys exploring the world, flying small airplanes, discovering new craft beers, and spending time with his wife and baby girl. You can connect with him at his own finance blog, Personal Profitability.
