In many countries, payment cards are issued with both a magnetic stripe and a chip. Either the magnetic stripe or the chip may be read by the POS terminal to process the sale. Remember that track-equivalent data is stored on the chip. Track equivalent data found on the chip differs from the track data found on the magnetic stripe as the chip track data contains a unique Chip CVV/CVC code. However, there is a danger that the PAN and the expiration data in the chip may be used for fraudulent card-not-present transactions. So in summary, while chip-and-pin can help reduce the risk of fraudulent transactions within that environment, data captured from the chip may still be used for fraudulent transactions in other environment.
- Merchants are not permitted to store the track equivalent data following authorization.
- Track equivalent data found on the chip differs from the track data found on the magnetic stripe as the chip track data contains a unique Chip CVV/CVC code.
- This prevents criminals producing cloned magnetic stripe cards from chip track data.
- However, there is still sufficient information to allow criminals to use this data in a card-not-present fraud (such as e-commerce or mail order/telephone order).