What Is Credit Card Encryption?

DEFINITION:

Credit card encryption is the translation of the sensitive information necessary for credit card transactions into an encoded form that is only decipherable by the payment processor using the accompanying decryption key.

Key Takeaways

  • Credit card encryption is the process of making a customer’s credit card data unreadable except to the credit card processor.  
  • Encryption minimizes the possibility of a criminal being able to get the customer’s sensitive credit card information.
  • Credit card encryption includes the chip in an EMV card creating a one-time code linked with the current transaction, which is then transferred to and decrypted by the credit card processor to complete the transaction.
  • While credit cards in the U.S. used to have magnetic stripes that merely held card data, these magnetic stripe credit cards are progressively being replaced with EMV chip cards that encrypt card data on a transaction-by-transaction basis.

Definition and Example of Credit Card Encryption

Most credit cards are fitted with a chip that is contained inside a silver symbol placed anywhere on the card. When a card containing one of these chips is used for a purchase, it creates a cryptogram unique to that exact transaction to convey the essential information to the credit card processor.

When you use your credit card at a merchant, the payment terminal has to communicate identifying information about your card to the payment processor in order to execute the transaction. This information, of course, has to be safeguarded from illegal access.

How Credit Card Encryption Works

When you put your credit or debit card into a chip reader machine while making a purchase, the cryptogram created within the chip is transferred to the credit card processor so it can confirm the purchase and approve the transaction by using a decryption key to interpret the cryptogram. In this method, the credit card transaction is encrypted.

Europay, MasterCard, and Visa established this technology, hence chip cards are frequently referred to as EMV chip cards.

Since each transaction is connected with a distinct cryptogram, encryption effectively prohibits chip cards from being cloned and used fraudulently. This is one of the key reasons why credit card issuers have shifted toward chip cards during the past several years.

After you use your credit card at one merchant and use it at a second merchant, you normally slide it into the chip reader at the payment terminal once again. If you had swiped your card to have the magnetic strip read by the machine, your card would be delivering the same information as it did in any prior transactions. This indicates that you have a greater possibility of having your card information stolen.

Note

When you slide your card into the chip reader, the information is once again encrypted, this time with a new code, so that the transaction may be safely performed.

The information about your card is still communicated, however it is done with reduced danger of having your card information stolen. 

Credit Card Encryption vs. Magnetic Stripes

 Encryption  Magnetic Stripes
Uploads encrypted card information Uploads the same card information
Provides different data each time Provides static storage for credit card data
Harder for thieves to intercept card information Easier for thieves to copy account data
More secure  Less secure

Magnetic stripes used to be the norm for credit card transactions, but this strategy has gone out of favor in recent years as the industry has transitioned to EMV transactions, which employ a chip capable of encryption instead of the older stripe.

These older credit cards with magnetic stripes just upload the identical card information to the payment terminal each time they are used without any accompanying one-time-use cryptogram.  The data recorded in the magnetic stripe comprises the credit card number, expiry date, and security code.

while a magnetic stripe is swiped at the point of sale, the card is essentially providing static storage for this data that the terminal reads while processing the transaction.  This makes it reasonably straightforward for other parties to duplicate account information onto another card.

While chip cards still commonly come with the conventional magnetic stripe, swiping your card is less secure than using the EMV chip.

Note

While magnetic stripes are still relatively widespread in the U.S., they look to be on their way out.  MasterCard, for instance, is planned to phase out most new stripes by 2024 and altogether remove them from its cards by 2033.

Credit Card Encryption vs. Authentication

Encryption   Authentication
Secures card information as it is transmitted to payment processors Verification that user is authorized to use card 

Credit card encryption is not the only security mechanism used to prevent fraud in credit card transactions.

While encryption has to do with safeguarding card information while it is communicated to payment processors, credit card authentication has to do with validating that the person presenting a card for payment is the real cardholder.

Pros and Cons of Credit Card Encryption

Pros 

  • Reduces fraud
  • Paves the door for future payment technologies

Cons

  • May cause transactions to take more time
  • Forces retailers to update their payment terminal

Pros Explained

  • Reduces fraud: Credit card encryption produces a unique, one-time code for each transaction—rather than the credit card number itself—that is submitted to the credit card processor for decryption. This considerably minimizes the possibility of a thief being able to steal a cardholder’s credit card information.
  • Paves the path for future payment technologies: While credit card encryption is now done mostly via physically putting a chip card into an EMV-enabled terminal, credit card encryption is rapidly being extended to alternative payment technologies such as contactless payments and tokenization.

Cons Explained

  • May cause credit card transactions to take extra time: The encryption procedure, which requires the production of a cryptogram unique to the transaction, may result in chip card transactions lasting longer than static magnetic stripe credit card transactions.
  • Forces retailers to update their payment terminal: Merchants will need to get payment terminals capable of reading EMV chip cards in order to conduct chip card transactions. However, some merchant service providers are giving free chip card terminals to new consumers.