How Does PCI DSS Apply to Chip Transactions?

By | January 3, 2017

In many countries, payment cards are issued with both a magnetic stripe and a chip. Either the magnetic stripe or the chip may be read by the POS terminal to process the sale. Remember that track-equivalent data is stored on the chip. Track equivalent data found on the chip differs from the track data found on the magnetic stripe as the chip track data contains a unique Chip CVV/CVC code. However, there is a danger that the PAN and the expiration data in the chip may be used for fraudulent card-not-present transactions. So in summary, while chip-and-pin can help reduce the risk of fraudulent transactions within that environment, data captured from the chip may still be used for fraudulent transactions in other environment.

  • Merchants are not permitted to store the track equivalent data following authorization.
  • Track equivalent data found on the chip differs from the track data found on the magnetic stripe as the chip track data contains a unique Chip CVV/CVC code.
  • This prevents criminals producing cloned magnetic stripe cards from chip track data.
  • However, there is still sufficient information to allow criminals to use this data in a card-not-present fraud (such as e-commerce or mail order/telephone order).

Leave a Reply

Your email address will not be published. Required fields are marked *