If you’re in the US, you’ve probably heard grumbling about new credit cards with microchips — and the slow, loud machines we have to use with them.
And if you’re in Europe or Canada, you’ve been using chip cards for almost a decade, and you’re wondering what the fuss is about. But it’s about time we’re switching, because old cards were really easy for criminals to fake.
And now, it’s next to impossible. At least… offline. The purpose of a debit or credit card is simple: You’re promising someone that they’ll be paid what you owe them. And some of the card’s information, like the card number, is its way of saying who you are and where to get the money from. Now, you don’t want someone to be able to steal your card number, wander into the local Costco, and buy thousands of dollars of teriyaki flavored beef jerky with it, do you? So, for security, cards also have ways to verify that they’re really the card linked with that number. Older cards use numbers hidden in a static magnetic pattern on the back to prove their identity. But it was pretty easy for criminals to steal that pattern when you swiped your card to buy something, copy it onto another card, and pretend to be you. So chip cards, also known as EMV cards because of the companies that created them, have a different way of using numbers to prove their identity. They use encryption.
Their microchips are small circuits that start working when they’re put in a terminal, like the machines at the grocery store. In the terminal, the chip generates a number called a cryptogram by combining information from the terminal with its own data. To the terminal — and to anyone who might be trying to steal your card details — the number looks completely random. And since it’s partially based on information from the terminal, the number is different every time you use your card.
So criminals can’t just copy the number and use it, like the magnetic stripe pattern. Depending on the setup at the store, that number might get sent to your bank so that they can tell the terminal if your chip really generated it. Or, sometimes, the terminal itself can verify that. Now, in a short YouTube video, we can’t get into all the math and cryptography behind how your bank gets information from this seemingly-random number when no one else can. If you’re curious, the last few links in the description can get you started. The super-condensed version is that these numbers are easy to generate or verify if you have exactly the right information. And they’re essentially impossible to fake if you don’t, like if you’re a beef jerky loving criminal. Your chip has what it needs to generate the numbers.
And the bank or terminal has different information that they need to undo what the chip did, and make sure the data matches the chip and the card. One place chips don’t help is online shopping, since you only type in static information on the card, like your name and the number. But they’re designed to stop in-person fraud, which is exactly what they good at. Thanks for watching this episode of SciShow! If you want to learn about a different way cryptography is used with currency, check out our video that explains how Bitcoin works.