If only we had technology to limit credit card fraud… Oh, wait…
If only we had technology to limit credit card fraud… Oh, wait…
IT’S JUST TOO BAD
There was Target. Nieman Marcus. CitiBank. Between 2012 and 2013, the number of data breaches involving credit or debit card information increased by 41.2%.
It’s really too bad there isn’t some way to use modern technology to dramatically reduce credit card fraud.
Oh.
Wait.
There is.
And has been.
FOR ALMOST A DECADE.
CHIP & PIN
It’s called Chip & Pin technology, also known as EMV, it’s a little cryptographic chip embedded in the card, and unlike those magnetic stripes, it doesn’t just hold all your info unencrypted for every Tom, Dick, and Harry with a card reader or hacking skills to copy or scan or download. And there’s the added protection of a PIN.
“The types of breaches we’ve seen recently would’ve been prevented by the use of this chip and pin technology,” says Chester Wisniewski, senior security advisor with Sophos. “It makes it much harder for thieves, and it’s had widespread use in Europe and everywhere else.”
UM, WE INVENTED THE CREDIT CARD. WHY DON’T WE HAVE THAT TECHNOLOGY HERE?
There are a few reasons.
COST
“One of the big obstacles is the expense,” according to Bill Hardekopf with Lowcards.com, a consumer resource website. “Retailers would have to get a different credit card processor, probably about a $200 expense per terminal for each checkout lane.”
Doable for large retailers, less so for small businesses, expensive for everyone. Card issuers and banks would have to pay to make the more expensive cards too. Small retailers, according to Wisniewski and other analysts, have been particularly resistant. Businesses would be laying out money for the benefit of banks, in a sense, since it’s the banks which are often liable for fraudulent purchases.
But that doesn’t explain why we’re behind the rest of the world.
WE DIDN’T NEED THIS KIND OF TECHNOLOGY BACK IN THE DAY
“There wasn’t really the same demand to address fraud in the United States as there was in other parts of the world,” says Andrew Davidson, senior vice president at Mintel. “Fraud wasn’t as big of a deal as it was in say Europe.”
Old tools used to be enough to deal with the fraud problem. “Previously,” says Doug Jones, vice president of risk management policy the American Bankers Association, “we were able to depend on our neural networks that looked for unusual transactions.” It seemed to work, “it didn’t create a difference in terms of the amount of fraud we saw compared to what was seen in other countries.”
Until, of course, it did.
As other countries have adopted more secure credit card technology, the U.S. has become the fraud basket case.
NOBODY MADE US ADOPT IT. SO WE DIDN’T.
Some governments forced adoption of Chip & Pin, ours didn’t.
“We don’t tend to legislate these requirements,” says Jones. “That serves our economy well in the long run but in this particular instance it did slow down the process.”
You’re talking about the largest economy in the world and a large number of financial institutions and retailers that have to make this shift. A little like herding cats.
GOOD NEWS! WE’RE GETTING NEW CARDS. SOON. PROBABLY.
“Now is the time that the U.S. should upgrade to chip technology,” says Mastercard’s Senior Vice President for U.S. Product Delivery, Carolyn Balfany.
Mastercard has been pushing the new technology in the U.S. for several years, and in 2012 issued a “roadmap” for the country to migrate.
Many credit card companies have started to issue the new cards, in small batches. “They’ve started with international travelers,” says Balfany, since it can be inconvenient to use the U.S. backwards cards abroad. “But they’re rolling that out more broadly.”
On the merchant side, some larger retailers are already installing new cardreaders. “They’ve been in the process of beginning that for some time now and will continue on over the next couple of years.”
One tool to push the process along is a “liability shift” which will start taking place in October, 2015 for Mastercard, a year later for Visa. Usually, a bank has to cover a bogus purchase. But starting in October 2015, a retailer will have to suck it up if it hasn’t changed its card reader.
“Many of the larger retailers and banks have come out in industry conferences expressing their intent to migrate around that October 2015 time frame,” says Balfany. “I think we’re gonna see some really good movement.”
There’s a lot happening in the world. Through it all, Marketplace is here for you.
You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible.
Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.