This is a great research paper talking about various aspects of EMV vs. the traditional magnetic stripe platforms for payment cards.
Industry Research
Publication Date: 25 July 2007 ID Number: G00149569
The Demise of the Magnetic Stripe and the Rise of the Chip
Alistair Newton
Gartner's 2006 predictions for the banking industry identified 2007 as the beginning of
the end for the magnetic stripe in payment cards. A number of factors and developments
increase the likelihood that banks will start migrating away from payment cards with
integrated magnetic-stripe capability as standard practice.
Key Findings
- Fraud is still being perpetrated on Eurocard, Mastercard and Visa (EMV) payment cards
  using magnetic stripes that contain payment card and customer details.
- The magnetic stripe remains a weak point that may compromise data and its
  subsequent reuse in countries where EMV has not been deployed.
- Removing the magnetic stripe from chip-enabled payment cards would eliminate the
  ability to use those cards in non-EMV payment terminals and ATMs, but would also
  reduce the risk of compromised card data and ID theft for customers and banks.
- Customers are being inconvenienced by banks' attempts to combat this fraud, including
  stringent limitations on the use of payment cards at overseas ATMs or point-of-sale
  terminals.
Recommendations
- Banks currently issuing EMV-based payment cards should plan now to start allowing
  customers to request payment cards (starting with debit cards) without a magnetic
  stripe to help protect them from identity theft.
- As banks add functionality, such as contactless capability, they should consider allowing
  customers to customize their payment card to include the deletion of the magnetic
  stripe.
- As use of prepaid payment cards grows, banks have an opportunity to offer prepaid
  foreign currency cards to customers who have elected to have the magnetic stripe
  removed from their day-to-day payment cards.
- Banks should examine and assess their existing card management applications to
  ascertain the feasibility of issuing and managing a portfolio of payment card products
  with no magnetic-stripe contingency.
© 2007 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form
without prior written permission is forbidden. The information contained herein has been obtained from sources believed to
be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although
Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal
advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors,
omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein
are subject to change without notice.
ANALYSIS
In Gartner's 2006 predictions for the banking industry, the banking team examined the likely
demise of the magnetic stripe as the core data and service interface for payment cards, and its
complete replacement by chip technologies for all card payments. Recognizing that in some
markets, particularly the United States, the magnetic stripe will remain in place for years,
Gartner predicted that 2007 would mark the beginning of the end of the magnetic-stripe payment
card. A number of factors and developments have since taken place that add further weight to the
potential for many banks to start migrating away from payment cards with integrated magnetic-
stripe capability.
Full rollouts and pilots of EMV chip technology are progressing well in Europe, Asia, Canada,
Central America and South America, and are succeeding in cutting fraud for point-of-sale and
ATM transactions in those countries. However, payment cards are still being illegally cloned and
customer details are being abused, because the magnetic stripe has been retained on the back of
most payment cards as a fallback during the transition to EMV. This allows customers to use the
payment cards in countries that do not offer EMV.
The details in the magnetic stripe can be used to produce cloned payment cards that can, in turn,
be used in countries that have not yet rolled out EMV. Banks and payment card companies
have reacted to this fraud in a number of ways, and have used fraud identification and tracking
software effectively to manage fraud losses. However, many banks have also deployed blunt
transaction limits and blocks on overseas card use that are problematic for customers and do little
to encourage customers to use their payment cards when traveling abroad.
As more countries roll out EMV (particularly as the Single Euro Payments Area develops to the
point that EMV cards become mandatory), opportunities for fraud stemming from such
weaknesses will be reduced. Significantly (from the customers' point of view), the number of
countries that do not support EMV will also be reduced. While Gartner recognizes that the
complete removal of magnetic-stripe technology on payment cards on a global basis is years off,
new chip-enabled payment cards have extended the life of payment cards, and banks are starting
to issue cards with expiry dates up to four years out.
Banks that issue EMV cards should start planning for the time when customers demand payment
cards without magnetic stripes and expect their banks to accept only payment requests initiated
through EMV chips and PIN-based applications as a means of protecting their financial identities.
Identity Theft: Banks Can Act to Protect More Customers
The number and scale of identity thefts associated with bank customers' payment
cards has been rising steadily during recent months. Specifically, payment card details have been
compromised by:
- Corrupted point-of-sale devices or staff: for example, a spate of attacks on petrol
  service-station point-of-sale devices in the United Kingdom in which card details and the
  associated PIN numbers were compromised.
- ATMs fitted with skimming devices and cameras: for example, recent attacks on ABN
  Amro in the Netherlands and WestPac in Australia resulting in both banks having to fit
  antiskimming devices to their ATM networks.
- Direct theft of card payment details from retailers: for example, the hacking of the
  retailer TJX in the United States, which appears to have compromised more than 45
  million credit and debit card details.
The increasing range of these attacks has resulted in the production of a growing number of
cloned cards. Importantly, the success of these cloned cards has been because of reliance on
magnetic-stripe technology, which allows the replication of customer details and subsequently
allows cash withdrawals from ATMs or purchases with the fake cards. Predominantly, these
cloned cards are being produced for use in countries that are not making use of the current EMV
chip card standards, or are in the early stages of rolling out EMV so that all transaction and
authentication details are routed through the magnetic stripe.
Banks that already issue EMV cards can limit the rise in identity theft and differentiate themselves
in terms of helping to protect their customers from identity theft by removing the magnetic stripe
from those cards that are unlikely to be used abroad or that are likely to be used only in countries
that support EMV transactions. The removal of the magnetic stripe would not be relevant or
correct for a certain type of customer, specifically the customer who travels regularly. However,
for others who may travel infrequently or not at all, the stripe's removal would be unlikely to
hinder day-to-day use of their payment cards. To avoid losing large amounts of interchange
income generated from overseas card transactions, banks should consider offering this service
first for debit cards, which tend to be used less for overseas purchases than are credit cards.
Current Actions to Reduce Fraud Can Be Difficult for Customers
For some time, banks have used fraud detection applications, in addition to stronger front-end
authentication, to identify and act on transactions that are considered unusual and out of the
ordinary. If deployed with sensitivity to changing customer payments habits, such fraud detection
solutions can prove extremely successful. However, with the use of cloned cards on the increase,
banks are often reverting to fairly blunt forms of control, such as:
- Rejecting requests for cash advances from foreign or out-of-state ATMs, or payment
  requests at the point of sale, unless the customer has previously informed the bank that
  he or she will be traveling to a specific country
- Imposing mandatory limits on cash withdrawals or transaction limits, either in total or on
  a daily limit basis
Both types of regulation are inconvenient for customers, especially where these limits and
controls are not well publicized. Banks imposing these controls argue that they are protecting
their customers, thereby increasing customers' faith in their banks' ability to manage fraud.
However, they should balance protection with convenience and usability or else risk losing the
customer transactions to other banks that may offer greater flexibility.
By offering customers the option of removing the magnetic stripe (initially from their debit cards,
and later from their credit cards) and accepting only payment requests or ATM withdrawals
initiated via the EMV chip, banks would be able to lift these restrictions and controls on their
customers who would only be using their cards in countries with EMV capabilities, making it more
convenient for the customers, driving more card payment revenue and reducing fraud
exposure for the banks.