How Secure Are Chip-And-PIN Cards, Anyway?
If you’ve ever used a debit card in-store, you probably know that it’s a two-step process. First, you insert your card at the point-of-sale, then type in a four-digit Personal Identification Number (PIN).
This two-factor authentication process has dramatically cut down on card-present fraud. In countries like the UK, chip-and-PIN technology has resulted in a 95% reduction in losses to counterfeit card fraud in the two decades between 2006 and 2026.
But…is that all you need to know?
Chip-and-PIN comes with quite a few perks, but also some drawbacks, too. Here, you’ll find out what chip-and-PIN technology is, how it works, why you need it, and where to get it. We’ll also tell you what it can’t do for you, and how you can fill in the gaps.
Recommended reading
- How Do QR Code Payments Work: Critical Info & How to Accept
- How to Use a Contactless ATM & Where to Find Enabled Devices
- Terminal ID Number (TID): What is it? What Does it Do?
- What Are Credit Card Networks? What Do Card Networks Do?
- What is a Debit Network? How Does it Help You Get Paid?
- How Transaction Settlement Works: Guide to Manage Cash Flow
How Does Chip-and-PIN Technology Work?
- Chip-and-PIN
Chip-and-PIN refers to a fraud detection method which uses tokenization technology to transmit one-time-use encrypted information in place of cardholder data, combined with a PIN (Personal Identification Number). Because the cardholder’s data is never transmitted, it is much harder for hackers to intercept and steal it.
[noun]/CHip • ənd • pin/
Credit cards with chip-and-PIN have all but replaced signing a dotted line for purchases in the European market. They speed up the payment process considerably. They also tend to be more convenient for shoppers, as compared to signature.
Every standard debit or credit card now issued by a bank comes with a small chip embedded into the front of the card. If chip-and-PIN is being used then, the cardholder will be prompted to type in their PIN to complete the transaction after the microchip is inserted into an EMV-enabled card reader.
If the correct PIN has been entered, the chip-and-PIN machine will read the encrypted information embedded in the card’s microchip. If the cardholder’s input does not raise any red flags, the bank will send an approval notification back to the merchant. This is accomplished through payment tokenization; the entire process only takes a few seconds.
Chip-and-PIN vs. Chip-and-Signature Transactions
Chip-and-signature transactions are less secure than chip-and-PIN purchases, but they’re more popular in the US. Both types of transactions are EMV-compliant, which means that merchants aren’t held responsible for these transactions if they end up being fraudulent.
Chip-and-PIN transactions are more secure than their chip-and-signature counterparts, since signatures can be easily forged and often aren’t verified in real-time at the point-of-sale.
At the same time, chip-and-PIN adds a small amount of additional friction. Punching in a correct PIN at the keypad takes more work than scribbling a barely legible signature prior to purchase. For this reason, while chip-and-PIN technology is used almost universally in Europe, Canada, and other regions abroad, chip-and-signature is the default in the US, as domestic banks and retailers prize convenience over security.
This is not necessarily the wisest position, though, from a fraud prevention standpoint. The added friction in the transaction process is minimal; if a user finds it too difficult to key in a four-digit code… then maybe that’s someone you shouldn’t do business with anyway.
On that note, some fraudsters are using social engineering to bypass EMV chip security. For example, scammers may ask you to read their card using a magstripe reader under the pretense that your chip reader is not working or that their card’s EMV chip is malfunctioning. If you take the bait and they file a chargeback, you’ll automatically lose the case.
The best way to prevent this from happening is to ask the customer to try an alternate form of payment. While this may cause occasional frustration among legitimate cardholders, the liability protection may be worth it.
Chip-and-PIN Liability Shift: Who Pays?
The merchant is absolved of liability only if a chip card is inserted at an EMV-compliant terminal.
We mentioned earlier that both chip-and-PIN and chip-and-signature transactions benefit from protection from EMV liability shift chargebacks. But, there are some nuances.
As a general rule of thumb, the party held liable for fraud on an EMV chip card is going to be the party who is least secure. Here’s how it breaks down:
| Scenario | Who’s Liable |
| Chip card; chip used at EMV terminal | Issuer |
| Non-chip card used at any terminal | Issuer |
| Chip card; swiped at terminal | Merchant |
Different card networks have different chargeback reason codes related to EMV liability. Visa Reason Code 10.1 (EMV Liability Shift Counterfeit Fraud) and Mastercard Reason Code 4870 (Chip Liability Shift) are two examples.
Both of these reason codes concern disputes resulting from unauthorized activity, and have to do with whether the card was read with an EMV chip-compliant terminal at the point of sale. If you receive a chargeback associated with one of these reason codes, it’s practically unwinnable in representment; the only response is to prove that you were compliant, and the issuer is actually the one liable.
How is Chip-and-PIN More Secure?
Chip-and-PIN is more secure because it combines tokenization with a second-factor challenge. This makes it incredibly difficult for criminals to successfully use stolen cards at an in-person point-of-sale.
As mentioned above, chip-and-PIN cards are more secure, no matter how they are used. Why, though?
The reason for this is the dynamic encryption software hardwired into each chip. Magnetic stripe cards often hold the same information regarding the cardholder’s account. They ultimately lack the encryption required to secure those payments, though.
Before EMV, fraudsters could use skimmers and other methods of card copying to counterfeit a cardholder’s account details. This was assuming they didn’t simply steal the card and use it, as there were few meaningful safeguards to prevent its use.
However, EMV technology deployed using a chip-and-PIN method means there is no static data for the fraudster to steal. The dynamic encryption changes each time the card is used. The token used in place of cardholder information is void after one transaction, making it almost impossible for fraudsters to crack or replicate.
While this data is promising, be aware that no credit card fraud prevention solutions are ever 100% effective against fraud. Chip-and-PIN authentication is a vast improvement over magnetic stripe technology, but it still features vulnerabilities of which you should be aware.
How Can Chip-and-PIN Transactions Benefit You?
Chip-and-PIN payments can benefit merchants because they are fast and secure, and cardholders are now widely familiar with EMV technology.
Every major card network mandates EMV-compliant transactions, which use the microchip embedded in the card to tokenize transactions.
Beyond chip-and-PIN and chip-and-signature transactions, there are also contactless payments, which combine EMV technology with near-field communication (NFC) technology to enable wireless transactions. Contactless payments typically do not require PIN or signature verification below a certain dollar threshold. Be aware, though, that they may not offer the same liability shift as chip-and-PIN cards.
Stop fraud. Prevent chargebacks. Protect your business.
Request a Demo
Have you been reluctant to accept contactless payments up to this point? Now is still a great time to take advantage of everything the technology offers.
Customers may still insert or swipe chip-and-PIN cards to make purchases. However, adding the contactless variety only broadens your customers’ preferred payment options. It will encourage them to spend money with you, rather than a competitor.
Which Chip-and-PIN Machine Do I Need?
You can choose from a portable, semi-portable, or countertop chip-and-PIN card reader. The best option for you depends on your needs and on your business operations.
You need to take advantage of chip-and-PIN technology. But, how do you get started? The answer depends on the specifics of your business.
Do you want an entry-level chip-and-PIN reader? Or, do you need something that prints receipts? Maybe you need a stationary countertop terminal to access CRM and bookkeeping software simultaneously?
Whatever your needs, there are devices designed just for your business. Some are even customizable.
Option #1 | Portable Chip-and-PIN Readers
There are a few entry-level chip-and-PIN devices to choose from that will easily allow you to take mobile and on-the-go payments. All you need to make this work is a smartphone capable of downloading and using mobile payment applications.
Square is a great introductory option that offers a fully mobile payment device that can be used anywhere their mobile network is functional. The reader plugs directly into the phone’s power receiver, and merchants may input payment details directly into the Square app or via the portable contactless payment terminal.
Option #2 | Semi-Portable Chip-and-PIN Readers
Your business may require mobility and terminal functionality at once. In that case, Square also makes a portable hand terminal that functions much like a traditional POS terminal and can instantly print receipts on the go.
This option works great for restaurants, concert venues, or other fast-paced small businesses that need to make payments swift and flexible. Other providers that make equally good hardware for this method are CloverGo, Ingenico, and PayPal Zettle.
Option #3 | Countertop Chip-and-PIN Devices
Options one and two are easy and convenient. However, you have very limited options. Sellers have far more options to choose from regarding countertop terminals.
Here, we’d advise you to carefully consider what type of business they have, Think about whether or not budget and speed are issues, and whether or not you require built-in accounting and CRM software.
Once you figure out which chip-and-PIN machine suits your business best, it’s time to factor in budgetary considerations.
How Much Does Chip-and-PIN Cost?
Costs vary by payment method and payment processor, but typically include a percentage-based fee plus a fixed rate per transaction (e.g. 2.9% + $0.30 per transaction).
Chip-and-PIN costs and transaction fees vary according to the type of business you have, the payment processor you choose, and the machine you prefer.
Depending on which terminal you need, you can start receiving chip-and-PIN and contactless card payments for as little as $49 with the Square reader mentioned above. That price includes the reader and a free point-of-sale app to begin taking payments immediately.
If you want to upgrade to other services, though, the fees get a little more complicated. For example, Square’s standard processing fees are 2.6% + $0.10, as of this writing. Payments that are manually keyed in, processed using a card on file, or manually entered using a virtual terminal have a 3.5% + $0.15 fee. Invoices cost 2.9% + $0.30 or 3.5% + $0.15 if processed using card on file.
Clover, Square’s direct competition, does not feature products that merchants can hybridize with their own devices. However, they offer more straightforward processing fees for their devices. Their introductory pricing looks like this:
- Clover Hardware: $1,349-$1.649 (Clover Station Solo)
- Clover Software: $39.95 (Register plan)
- Clover Credit Card Fees: 2.3%-2.6% + $0.10 per transaction
Clover offers many of the same features as Square, but they provide advanced hardware even at an introductory level. From there, their products get increasingly more sophisticated.
Both of the payment providers we mentioned above may offer special introductory pricing and transaction fees. Ultimately, though, it’s best to consider your business from every angle to determine which company best suits your specific needs.
Check out our picks for the best payment processors
The Downsides of Chip-and-PIN Technology
While chip-and-PIN technology is exceptionally effective against in-person criminal fraud, it can’t address card-not-present (CNP) fraud. It also can’t stop first-party misuse (or “friendly fraud”).
No matter how efficient, speedy, practical, or sophisticated chip-and-PIN technology is, it can never prevent every act of fraud. No program or system on earth is capable of such a feat. That’s true, no matter what any company promises you.
These cards and contactless terminals are indeed more secure than their predecessors. That said, there are several things they cannot do for you.
Need Help Fighting Fraud & Chargebacks?
Chip-and-PIN cards can be a great asset in the fight against fraud. However, you can’t rely on any one solution to solve this problem.
Fighting back against both criminal and friendly fraud demands a multifaceted fraud prevention strategy. This is crucial to not only prevent incoming acts of criminal fraud, but also defend your business from post-transactional threats like friendly fraud.
Chip-and-PIN technology works best in tandem with practical fraud tools and chargeback management. As an industry leader for over ten years, Chargebacks911® is uniquely placed to help you focus on what’s essential: protecting your bottom line.
