An EMV chip card is a payment card embedded with a microprocessor chip that generates a unique cryptographic code for each transaction, making it significantly more secure than magnetic stripe cards that store static data. EMV stands for Europay, Mastercard, and Visa, the three organizations that developed the global standard for chip card payments.
When a chip card is inserted into a chip-capable terminal, the chip and terminal exchange encrypted data and produce a transaction-specific code called a cryptogram. This dynamic authentication means that even if transaction data is intercepted, it cannot be reused to create counterfeit cards or initiate fraudulent transactions.
EMV chip technology has been the global standard for in-person card payments since the early 2000s and became the dominant card form factor in the United States following the 2015 liability shift that shifted counterfeit fraud losses to merchants who had not upgraded to chip-capable terminals.
Diving Deeper into EMV Chip Card
EMV chip technology emerged in Europe in the 1990s as a response to rising counterfeit card fraud in card-present environments. The magnetic stripe, which had been the dominant card data storage technology since the 1960s, stores static card data that can be copied using inexpensive skimming devices and used to produce working counterfeit cards. The EMV chip solved this problem by replacing static data with dynamic cryptographic authentication that generates a unique code for every transaction.
The standard is governed by EMVco, a consortium owned by the six major card networks: Visa, Mastercard, American Express, Discover, JCB, and UnionPay. EMVco sets the technical specifications for chip cards, terminals, and the transaction protocols that govern how they interact.
How EMV Chip Authentication Works
When a cardholder inserts their chip card into a terminal, a multi-step authentication process occurs between the chip and the terminal before the transaction is authorized.
Card Authentication
The terminal first verifies that the card is genuine and not counterfeit. The chip contains cryptographic keys issued by the card issuer during card personalization. The terminal uses these keys to verify that the chip is authentic and has not been tampered with. This step prevents counterfeit cards from being used even if the card data was obtained through a skimming attack.
Cardholder Verification
After the card is authenticated, the terminal verifies the cardholder’s identity. The cardholder verification method used depends on the card issuer’s configuration, the terminal’s capabilities, and the transaction context. Common verification methods include PIN entry, signature, and no verification for low-value transactions. Online PIN, where the PIN is encrypted and verified by the issuer, provides the strongest cardholder verification.
Transaction Authorization
The chip generates a transaction-specific cryptogram using the transaction details and the chip’s cryptographic keys. This cryptogram is included in the authorization request sent to the issuing bank. The issuer verifies the cryptogram as part of the authorization decision. If the cryptogram is valid and all other authorization conditions are met, the issuer approves the transaction.
EMV Contact vs. Contactless
EMV chip technology operates in two modes. Contact EMV requires the cardholder to insert the chip card into the terminal’s card reader slot, making physical electrical contact between the chip and the terminal. Contactless EMV uses NFC technology to complete the same cryptographic exchange wirelessly when the card or device is tapped near the terminal. Both modes use the same underlying EMV security standards and provide equivalent fraud protection.
The U.S. EMV Migration
The United States was one of the last major markets to migrate from magnetic stripe to EMV chip cards, completing the bulk of the transition between 2015 and 2019. The primary driver was the October 2015 liability shift implemented by Visa and Mastercard, which moved counterfeit fraud liability from card issuers to merchants who had not upgraded to chip-capable terminals.
Prior to the liability shift, card issuers absorbed the cost of counterfeit card fraud regardless of whether the merchant was using chip or swipe technology. After the shift, merchants processing chip cards through magnetic stripe readers became financially responsible for counterfeit fraud losses on those transactions. This created strong economic incentive for merchants to upgrade their point of sale equipment.
EMV and Card-Not-Present Fraud
A well-documented side effect of EMV migration is the shift of fraud from card-present to card-not-present channels. As counterfeit card fraud became significantly more difficult in chip-enabled card-present environments, fraudsters redirected their activity toward online transactions where the chip provides no protection. Card-not-present fraud increased substantially in markets that had completed EMV migration, which drove increased investment in CNP fraud prevention tools such as 3D Secure, device fingerprinting, and advanced fraud scoring.