FBI Issues Threat Alert on New EMV Chip Cards

WASHINGTON, D.C. — Although newly issued EMV (Europay, MasterCard and Visa) credit and debit cards provide more security against cyberattacks than traditional magnetic stripe cards, consumers are not immune to fraud, the Federal Bureau of Investigation (FBI) warned in a public service announcement issued Thursday.

“EMV cards can be counterfeited using stolen card data obtained from the black market,” the FBI wrote in its statement. “Additionally, the data on the magnetic strip of an EMV card can still be stolen if the POS [point-of-sale] terminal is infected with data-capturing malware. Further, the EMV chip will likely not stop stolen or counterfeit credit cards from being used for online or telephone purchases where the card is not physically seen by the merchant and where the EMV chip is not used to transmit transaction data.”

Convenience store retailers needed to have EMV-compliant devices at the POS as of Oct. 1 or they could be held financially responsible for fraud.

The FBI stressed that consumers should use PIN numbers to verify a transaction, as opposed to signature authorizations.

The FBI alert also provided advice for retailers. “Merchants are encouraged to require consumers to enter their PIN for each transaction, in order to verify their identity,” stated the FBI. “If a consumer uses a signature, merchants should ask to also see a government-issued photo identification card to verify the cardholder’s identity.”

Retail trade groups have long favored banks and credit unions establishing chip-and-PIN transactions and abolishing chip-and-signature transactions, considered to be less safe from cyberfraud.

“Retailers have long-argued that PINs are essential to providing cardholders with the security that they deserve. The FBI’s alert should be a wake-up call to the banks and card networks that continue to stand in the way of making PIN authentication the standard in the U.S. just as it has been around the world for years,” said Brian Dodge, executive vice president of the Retail Industry Leaders Association.

Retailers who believe they have been a victim of credit card fraud are encouraged to reach out to their local law enforcement or FBI field office and file a complaint with the Internet Crime Complaint Center at www.IC3.gov.