Credit Card Insider is an independent, advertising supported website. Credit Card Insider receives compensation from some credit card issuers as advertisers. Advertiser relationships do not affect card ratings or our Editor’s Best Card Picks. Credit Card Insider has not reviewed all available credit card offers in the marketplace. Content is not provided or commissioned by any credit card issuers. Reasonable efforts are made to maintain accurate information, though all credit card information is presented without warranty. When you click on any ‘Apply Now’ button, the most up-to-date terms and conditions, rates, and fee information will be presented by the issuer. Credit Card Insider has partnered with CardRatings for our coverage of credit card products. Credit Card Insider and CardRatings may receive a commission from card issuers. A list of these issuers can be found on our Editorial Guidelines.
EMV credit cards are more secure because they store data on chips, rather than just magnetic stripes. EMV cards may use chip-and-PIN or chip-and-signature, though some cards feature both.
Almost every credit card issued in the U.S. is equipped with EMV technology. If you need an EMV card with Chip-and-PIN capability in particular, check out our list of card issuers that offer Chip-and-PIN cards.
EMV is a security standard for storing account information on credit cards. It’s an alternative to the magnetic stripe (mag stripe) that has traditionally been used to store information on the backs of cards in the United States.
EMV stands for “Europay, Mastercard, and Visa,” the three companies who began this initiative. It’s a more secure way to store information, providing better protection against some forms of credit card fraud than the older mag stripe, because it can’t be as easily “skimmed” by fake credit card readers.
There are two main types of EMV credit card technology: Chip-and-Signature and Chip-and-PIN. The signature function requires a signature to verify transactions, just like credit cards traditionally have in the past. The PIN function requires a four-digit PIN, just like a debit card.
Today, every chip credit card you get in the U.S. will use Chip-and-Signature technology, in addition to having a magnetic stripe on the back. Some cards also include the Chip-and-PIN function, so they’re more compatible overseas and more secure in the U.S.
There’s much more to EMV technology. But in most cases, especially if you’ll just be using your card in the U.S., you don’t need to worry about anything other than how to make purchases with your EMV card.
If you’re planning to travel outside the U.S., in Canada or Europe, you should probably have a Chip-and-PIN credit card. Although many payment terminals will accept Chip-and-Signature, in some cases you might need a PIN card, like at unattended kiosks and train ticket machines. Be sure to get one that has no foreign transaction fees as well, so you don’t have to pay extra for every purchase.
When you make a purchase with a credit card, the terminal needs to verify that you’re the one who’s actually using the card.
This verification is usually done with a signature in the U.S., and sometimes with a PIN in other countries. The merchant may waive the verification requirement, especially for small purchases.
The chip and the terminal work together to create a unique, encrypted code, called a token or cryptogram. This token is unique to the specific transaction taking place, and will only be used that one time. This number is created from information in the chip combined with information in the terminal, but using instructions contained only in the chip.
This is a dynamic number, meaning it will be different for every transaction. It’s useless outside of that one transaction, and if anyone were able to copy it he or she wouldn’t be able to use it to make purchases with the card. That’s in contrast to the static information contained in a mag stripe, which is always there on your card and able to be copied.
Next, this token needs to be decoded to verify that it came from your card’s chip. To do this, it will either be sent to the card issuer over the internet (known as online verification) or it will be verified within the terminal itself (known as offline verification). Transactions with offline verification will be processed more quickly because they don’t require the online check.
After the token is verified, and the system determines that you have enough available credit on your card, the purchase will be approved.
Chip-and-Signature and Chip-and-PIN are two different Card Verification Modes (CVMs). CVMs are used when making purchases with credit cards, to verify that the real accountholder is using the card and not a fraudster.
Simply put, signature cards will require a signature to verify the transaction, while PIN cards will require a PIN.
The PIN verification mode is more secure than the signature verification mode, of course. Anyone could forge a signature, and most cashiers never even check to see if your signature matches the one on your card. A PIN can’t be so easily duplicated.
Yes, a credit card can have both Chip-and-Signature and Chip-and-PIN capability. All cards issued in the U.S. are Chip-and-Signature, while some also have PIN functionality. The credit card issuer determines the features of the card.
If a card has both signature and PIN capability, it will be set to prefer either one or the other. This is called “signature-preferred” or “signature-priority” in the first case, and “PIN-preferred” or “PIN-priority” in the second.
Most cards that have both functions are signature-priority. But a few are PIN-priority, like the Diners Club cards, some cards from credit unions like UNFCU and First Tech Federal Credit Union, and some store cards like the Target REDCard. In some cases you can set the priority yourself.
When traveling outside the U.S., people generally prefer PIN-priority cards because that’s the norm for most merchants. Some merchants in other countries are less familiar with the signature verification method, and transactions could end up taking much longer.
You can still typically get by in other countries with signature-priority cards, because most terminals can process either signature or PIN verification modes. But in some cases you might have a hard time using unattended self-checkout terminals and kiosks, which might not accept signatures.
When you make a purchase with your chip card by inserting or dipping it into the terminal, it will tell you the verification method required. You can then just follow the instructions it provides.
The switchover to EMV technology began years ago and it won’t finish for several more years still, at least.
Although liability for card fraud falls upon the least-EMV compliant party in most cases, some merchants still use terminals that only accept magnetic stripe cards. This is their choice, and it might currently be the right move for them given their finances and business needs.
The major credit card networks gave all U.S. merchants a set timeline for this shift in fraud liability, giving them several years to install chip-enabled terminals. Automated gas pumps are last, with a deadline for compliance of October 2020.
So credit cards in the U.S. will have mag stripes for many more years to come. There’s no telling when we may see cards issued without them.
The basic advantages come down to account security for card present transactions, as explained below. EMV chips are also more difficult to copy than mag stripes.
Better security should cut down on credit card fraud, in general, which should make the finance industries better for businesses and consumers alike.
EMV cards are known by many names. They include:
EMV and NFC are completely different.
EMV is a set of security technologies and standards, and it stands for “Europay, Mastercard, and Visa.”
NFC stands for “Near-Field Communication,” and this refers to the ability to wirelessly transfer information across short distances. NFC is used in “tap to pay” checkout terminals, where you hold your credit card or smartphone near the terminal to process a transaction. This is also referred to as a “contactless” payment method.
Nearly every card issued today has EMV technology, at least Chip-and-Signature and sometimes also Chip-and-PIN. And there are a growing number of issuers providing contactless cards in the U.S. today.
Yes, debit cards also have EMV technology. Debit cards usually have Chip-and-PIN EMV technology, so they end up working just like they always have.
You’ll use the same card PIN that you always have to make EMV purchases with a debit card. The only difference will be that you have to insert the card, rather than swipe it.
Debit cards use Chip-and-PIN rather than Chip-and-Signature because debit card holders in the U.S. are used to entering a PIN when making purchases. Banks want to make the EMV shift as easy as possible for consumers so they can continue using their cards without interruption. So debit cards still use a PIN, and credit cards generally use a signature — for now.
Ecommerce websites often feature a variety of checkout buttons — which should you click? This can be confusing for customers, and it can be a lot for merchants to manage.
EMV Secure Remote Commerce, also known as “click to pay,” is a new standard that aims to simplify this process, giving consumers a checkout experience that’s consistent across different merchant websites. Rather than dealing with different payment options on every site you visit, you can use the same clean, easily recognizable checkout interface.
Look for this button:
As of October 2019, only a few merchants have adopted EMV Secure Remote Commerce: Cinemark, Movember, and Rakuten. But you can expect to see it popping up more and more; BassPro, SaksFifth Avenue, JoAnn Fabric and Crafts, Papa John’s, SHOP.com, and Tickets.com are all slated to adopt the new standard by the end of 2019. The tech is expected to see wide availability in early 2020.
Jaromir Divilek, Executive Vice President, Global Network Operations at American Express, expects EMV Secure Remote Commerce to make confusing digital checkouts a thing of the past. “Consumers need, want, and deserve payment solutions that are easy, convenient, and secure,” said Divilek. “Click to pay will make the process of shopping online faster and easier, by reducing the amount of manual keying of information during the checkout process, without sacrificing security.”
Every credit card issued in the U.S. is equipped with EMV technology. Check out our Best Card Picks to find the right card for you, whether you’re looking for rewards, a travel card, or a way to build credit.
All EMV cards have the Chip-and-Signature verification mode, but not all have Chip-and-PIN. See our listing of issuers that offer Chip-and-PIN cards if you’re going to be traveling outside the U.S.
No, there are no special or additional fees to use EMV chip cards.
It costs money for credit card companies and merchants to switch over to and maintain EMV technology, of course. These costs are probably passed on to the customer in some way. However, hopefully these security measures result in an overall reduction in fraud, which is a major expense. So perhaps there will be a balance there, or even an overall net reduction in costs.
Yes. The chip in your card doesn’t prevent you from doing anything you normally would with the card. The PIN you use for cash advances may or may not be the same PIN you use for purchases, depending on the card issuer.
However, we recommend avoiding cash advances like the plague, because interest will start accruing on the advance as soon as you take it out. So they should only be used in true emergencies.
Many U.S. credit card issuers offer cards with PIN functionality today. Check out our list of credit card issuers that offer Chip-and-PIN cards.
It depends on the issuer.
Some card issuers will assign you a PIN after you’re approved for the card, like the First Tech Federal Credit Union. They’ll inform you of the PIN by mail.
Others will prompt you to create one, like Barclays, and if you don’t then they’ll assign you one.
Still other card issuers may not assign you one, and they won’t prompt you for one either. You’ll have to either check to see if you have one, or create a new one. Bank of America and Citi are both like this.
You can always check or change your PIN by contacting the card issuer. Some credit card companies let you change your PIN online, while others require you to call.
Usually, but not always. It depends on the card issuer.
Most card issuers let you use the same PIN for both cash advances and Chip-and-PIN transactions. But a few, like HSBC, will give you two separate PINs, one for each function.
Most credit cards issued in the U.S. are currently just Chip-and-Signature. There are about a dozen U.S. issuers that offer Chip-and-PIN cards, however, and their ranks are slowly growing.
Rather than sliding your card through a card reader, you insert it into a terminal slot and leave it there until the transaction is complete. Verify that the screen shows the correct purchase amount. You’ll be given instructions on how to proceed, either signing or entering your PIN.
Inserting your card like this has been nicknamed “card dipping,” but it doesn’t sound very cool so we don’t recommend saying it in public.
Some people have complained that EMV transactions take longer than swiping your card. This might not always be true, however, because the processing time shouldn’t necessarily be longer.
It could be that EMV transactions just feel longer because you need to keep your card in the terminal, rather than swiping it, putting it away, and moving on. When you swipe a magnetic stripe card the terminal reads all the information, and then takes some time to process the transaction. But you can put your card away and start picking up your purchases during that time.
With chip transactions you need to leave the card in the terminal until it finishes processing, and some people may keep their hand on it the whole time. This could make the process feel longer, especially if you’re used to just swiping quickly and looking away.
Dipping your card is the more secure transaction method, so we recommend trying that first. If the terminal doesn’t accept chip cards for whatever reason, you’ll get an error and it will tell you to swipe.
Or, if you try to swipe but the terminal doesn’t accept that method, it will tell you to insert the chip.
If you’re not sure what to do, you can just try one or the other. Or you can ask the cashier for help.
Checkout terminals will usually force you to either dip or swipe your card. In rare instances you may have a choice.
Yes. You can still swipe the magnetic stripe on your card through the reader.
All credit cards in the United States currently still have magnetic stripes because merchants need time to adjust to this new technology.
It depends on your specific card. Most cards just have Chip-and-Signature, while some others also feature Chip-and-PIN.
If your card only has Chip-and-Signature, you’ll be prompted to sign either the terminal screen or a printed receipt. If your card has both signature and PIN, the checkout system will default to your preferred method, which is almost always signature. If you want a PIN-priority card, check out Diners Club and credit unions like UNFCU and First Tech Federal Credit Union.
You won’t be able to choose signature or PIN, the terminal will automatically use your preferred method.
In April 2018, the four major U.S. credit card issuers — Visa, Mastercard, American Express, and Discover — decided that they’ll no longer require signatures as a verification method for purchases. Retailers may still require signatures to verify cardholder identities, however, but only if they choose to do so. This will help streamline the checkout process without compromising card security — signatures aren’t a very good security measure, and cashiers never check them anyway.
Terminals are generally supposed to accept both signature and PIN, depending on the preferred Card Verification Mode of the card. But some people, especially travelers in Europe, don’t always find this to be the case, especially when dealing with unattended payment terminals.
If you have a Chip-and-Signature card but you’re facing a terminal that is asking for a PIN, you may still be able to complete the transaction. You can try bypassing the PIN prompt by pressing “Enter,” “Continue,” or “Cancel.” If that doesn’t work, you can try looking for an attendant who can help.
If all that fails, you won’t be able to use that card in that card reader.
Usually, yes. Although EMV is the standard in Europe and Canada, be aware that most merchants expect you to use a PIN to verify the transaction.
Generally you should be fine, because terminals are supposed to accept either signature or PIN cards. But you may find that the merchant is unfamiliar with processing signature-verified transactions, so it could take quite a while and they may want to actually check your written signature against the one on the card.
In some cases, people have reported finding terminals won’t process cards that are only Chip-and-Signature. This can happen with unattended terminals and kiosks, like train ticket vending machines. If this happens you may need to find an employee who can help, otherwise you’ll be out of luck.
You could also run into similar problems if your card has both signature and PIN capability, but the preferred verification method is signature. In this case the terminal sees your card as requiring a signature, which it can’t process. It’s supposed to allow you to enter a PIN, but some people have reported that this does not happen.
Checkout terminals that are updated with the latest software should be able to accept EMV cards that are either signature or PIN. But you may find terminals that aren’t properly configured.
Sometimes, you’ll find a checkout terminal that looks like it accepts chip cards, but the chip card reader will not work or will be physically blocked. This is most likely because the retailer has plans to switch over to EMV-compliant hardware and software and has already upgraded their terminals, but the full system is not yet ready to accept those cards.
Individual retailers may also have their own reasons for waiting longer to switch over to EMV-compliance.
If you’re a merchant you’ll probably want to start accepting chip cards to limit your liability. If you already accept magnetic stripe cards, talk to your merchant provider about accepting chip cards.
Square is currently offering a reader for $49 that works with chip cards and NFC wireless payment technologies, like Apple Pay and Google Pay.
Cybersecurity is often described as an arms race, a contest between data security experts and hackers. As payment systems are made more secure, fraudsters simultaneously work to uncover new vulnerabilities.
EMV chip technology is more secure than the traditional mag stripe, but that doesn’t mean it’s perfect. There is still the potential for card information to be intercepted, and for that stolen card data to be used or sold. And unfortunately, as EMV security has made in-person fraud more difficult, online fraud has increased to fill the gap.
Chip cards help prevent fraud in two main ways, at least: making fraudulent transactions more difficult, and making card duplication more difficult.
There are two basic types of credit card transactions:
The EMV chip is only used for card present transactions when you insert the chip into the reader. If you swipe the card this will use the mag stripe, and the chip isn’t involved. For card not present transactions, like online purchases, the card information is manually entered into the system, and the chip isn’t used.
So EMV chips are more secure only for point of sale, card present transactions, and only when inserting the card. This enhanced security comes from the unique cryptogram that’s created for each transaction, which is useless for making other purchases.
A mag stripe terminal simply reads the card data contained on the magnetic stripe. This data is static, meaning it’s always the same, compared to the dynamically-generated token used with chip transactions. The data on the mag stripe is always just sitting there on your card, waiting to be read.
Criminals can attach a magnetic stripe reader over an existing card reader, for example at a gas pump, to capture data about every card that’s swiped. The customer may not notice, since the transaction can still go through normally — the information is just being “skimmed” as the card is slipped in and out of the card reader. See this page of Krebs on Security that shows many real life examples of skimmers and other devices that are used to steal credit card information.
EMV is a less passive system. The data on an EMV chip can’t simply be read as the card is inserted into a reader, because the transaction uses a unique cryptogram. These systems can still be hacked, and sometimes they are, but it requires something much more sophisticated than a simple card skimmer.
In some cases, for example, fraudsters attach devices that trick the chip into thinking it’s being used for a signature-verified transaction. The terminal is simultaneously tricked into thinking it received a correct PIN. The result is that both sides approve the transaction, without a real PIN (or signature) being used.
Shady businesses may employ a different nasty technique. They can program the EMV card reader to show the correct amount on the terminal, but actually charge your account a much higher amount. So you may see the correct charge of $35 on the terminal, but later that month you might get a bill for $4,000! Mag stripe cards are vulnerable to this trick, too.
It’s fairly easy for a thief to copy a mag stripe credit card. After skimming the information from your card, that data can be “burned” onto a blank counterfeit card, and used just like the original. It’s a bit like your card’s evil twin.
EMV technology is different. That little chip is a complex microprocessor, and it can’t simply be scanned, copied, and replicated. Apparently it is still possible to duplicate EMV chips, but you’d need to “drill into it with lasers and probing stations, and other expensive fiddly equipment,” according to Ross Anderson of Computerphile. So it’s not very easy at all.
However, EMV cards are still vulnerable in some ways. Your card still has a mag stripe on the back. It can be read with a skimmer, as mentioned above, and copies of the card can be made. If you use the mag stripe for a transaction instead of the chip, you won’t get any of those EMV protections and will be vulnerable to skimmers.
But you’re not safe just because you’re using the chip, either. If you use a hacked EMV terminal and thieves obtain your card information, they can use that data to create a mag stripe version of your card. That forged card won’t have a copy of your chip but it will have a copy of your mag stripe, so it can be used in mag stripe readers.
EMV technology doesn’t provide complete protection against fraud, but it does make in-person fraud and counterfeit card creation more difficult. It’s a step in the right direction. But an unfortunate side effect of more chip card transactions has been the subsequent rise of online fraud, as criminals seek out easier means of identity theft.
New EMV standards aren’t exactly the cause of this fraud, as some have claimed, but they have made online transactions more attractive to criminals than card present transactions. So be sure to protect your information and financial tools, both online and offline.
For the consumer, nothing really changes when it comes to fraud liability with EMV cards. You won’t be held liable for fraudulent transactions in most cases, as long as you alert your card issuer.
Liability for fraud usually rests with the card issuer or payment processor, depending on the specific terms of the account. However, since the transition to EMV technology, fraud liability now lies with the “least-EMV compliant party,” which in some cases might be the merchant. This basically means that if the merchant didn’t install a new EMV system and people are forced to use the mag stripe, the merchant will be held liable for fraud if it occurs.
There are currently four important dates in what is known as the “EMV liability shift:”
So October 2020 is the new date at which all card present transactions in the U.S. will be held to these standards, including automated fuel dispensers.
The United States has been transitioning slowly to EMV technology since about 2011, when Visa began promoting the idea. EMV cards have been used in Europe and Canada for decades, with many around the world wondering why the U.S. has been lagging behind (but it’s actually catching up pretty fast).
Upgrading to EMV technology is expensive, and people don’t want to change until they really have to. Many retailers, especially smaller stores with less funds to spend on upgrading, have dug their heels in until switching seems like the less costly option.
Things started moving much more quickly with the fraud liability shift that began in October 2015. At this date the least-EMV compliant party became liable for card fraud, which means that if the merchant didn’t upgrade to use EMV chip readers they’d be liable for fraud. This is a big and potentially expensive change for merchants, because usually the card issuer or payment processor would be liable for fraud.
Many retailers now use EMV technology, although not all. In the U.S., pretty much every merchant uses signature as the verification method for credit cards, and PIN for debit cards.
You’ll notice that automated gas pumps usually still use the swipe method. This is because they have until October 2020 to upgrade to EMV. The original date was set to be October 2017, but the deadline was extended to give the U.S. petroleum industry three more years to install the necessary technology.
Gas stations and fuel companies have resisted the change for several reasons, in large part due to the massive cost of switching over.
It’s not as simple as just unscrewing a checkout terminal from a pump and mounting a new one; in some cases, the actual pump needs to be uprooted so the wiring can be updated to handle the new system. Many gas stations are independently owned as part of convenience stores, rather than being run by huge corporations, so the barriers to converting are high.
EMVCo is the primary organization designed to facilitate the spread of EMV technology around the world. They frequently publish reports on the use of chip cards, by both merchants and consumers.
Their most recent set of statistics, from the end of 2017, show that EMV card usage has continued to grow in the U.S. and elsewhere.
EMVCo reports that EMV adoption in the U.S. was at nearly 60% at the end of 2017, with about 785 million EMV cards in circulation.
Visa has some impressive stats on EMV acceptance as well, released in March 2018. Visa reports that:
Secure payment technology will continue to improve, and the signature/PIN methods won’t be the last verification modes we see. Mastercard is currently testing a next-gen “biometric card,” which will scan your fingerprint to verify your identity and approve transactions. Biometric cards are currently being trialed in South Africa, with plans for Europe and Asia Pacific in coming months.
Credit card security is important. Thankfully, cardholders are not usually held liable for fraudulent charges. But fraud costs the payments industry an incredible amount of money every year. In 2017 the rates of fraud were higher than ever, with nearly $17 billion lost (i.e., stolen) as a result of identity theft and similar crimes.
EMV cards are usually pretty simple to use, and they make card present transactions more secure. They also make it more difficult to copy cards. Although they’re not a perfectly secure technology, and hackers can still steal information from payment terminals, they’re a big upgrade from the traditional magnetic stripe.
Every card issued in the U.S. today comes with EMV technology, at least Chip-and-Signature. Some also come with Chip-and-PIN, which will make them more useful outside the U.S. See our list of card issuers that offer Chip-and-PIN cards if you’ll be traveling outside the country.
Remember that EMV technology only helps protect against in-person fraud. Be sure to check your credit card statements and monitor your credit reports periodically to check for unauthorized activity.
Credit Card Insider receives compensation from advertisers whose products may be mentioned on this page. Advertiser relationships do not affect card evaluations. Advertising partners do not edit or endorse our editorial content. Content is accurate to the best of our knowledge when it's published. Learn more in our Editorial Guidelines.
Do you have a correction, tip, or suggestion for a new post? Contact us here.
The responses below are not provided or commissioned by bank advertisers. Responses have not been reviewed, approved or otherwise endorsed by bank advertisers. It is not the bank advertisers' responsibility to ensure all posts are accurate and/or questions are answered.