Tuesday, November 28, 2023
Homewhats workingThe dysfunctional state of America's credit cards

The dysfunctional state of America’s credit cards

First prototyped by IBM in the early 1960s and officially rolled out in 1970, the "magstripe" credit card has been in widespread consumer use since Paul McCartney announced that the Beatles were breaking up. Magnetic stripe card technology is outdated at best––predating the floppy disk by only a year––and hugely insecure at worst. After all, it was behind the Target breach, which keeps getting worse. Neiman Marcus became the latest retailer to announce a hack of its network last Friday, the same day Target expanded the size of its breach to include personal data on up to 70 million people, beyond the 40 million people whose specific credit card information was hacked.

The U.S. is a laggard on the global stage in still relying on this technology rather than EMV—otherwise known as Smart Chips, or computer chips embedded into credit cards––for point-of-sales transactions. Some European nations moved to the Smart Chip cards as a result of legislation to combat fraud, while emerging-market nations leapfrogged over the magstripe, similar to the move to cell phones before a landline was ever sunk into Earth.

Shopper uses a credit card machine at TargetGetty Images

The story of why the U.S. remains the world's laggard in point-of-sales technology is a battle between the country's biggest banks and retailers, and it threatens the reputation and business of all consumer-oriented businesses. "While the Target breach is serious, consumers divulge the same information every time they hand their card to a waiter in a restaurant," said Paul Schaus, president and CEO of CCG Catalyst Consulting Group.

Professor Danny Dolev of The Hebrew University of Jerusalem said chip and PIN cards are much harder to copy than traditional "swipe and sign" cards, partly because new cards cannot be cloned. "If we use stronger security and don't keep customer information, we'll be in much better shape," Dolev said.

(Read more: Target CEO still shaken by data breach)

There are hundreds of millions of magstripe cards in the U.S., and despite an upswing in U.S. credit card fraud, a report released in December 2013 by the Federal Reserve Financial Services Policy Committee indicates that American credit and debit card usage steadily rose over the past several years, growing at a rate of 7.6 percent from 2009 to 2012. Since it's one of the last markets in the world where thieves can operate against the easy-to-outsmart magnetic stripe technology, there's no reason the Target breach will be the last if EMV technology isn't adopted more quickly.

"The U.S. is the last country to adopt chip and PIN," said Avivah Litan, vice president and analyst at Gartner, specializing in data analytics and financial fraud.

Your account vs. bank accounting
Richard Sullivan, senior economist at the Federal Reserve Bank of Kansas City, said for financial institutions it may be a matter of a cost-benefit equation. It's cheaper for banks to absorb the cost of fraud up to a certain point than to develop and issue new cards. According to Sullivan, banks are essentially asking: "Is all the investment worth the reduction in fraud?" In the end, the banks answer that question with a no.

"It's been a system with fraud rates that cardholder services have been comfortable with," Sullivan said.

Experts say when fraud occurs on cards, to a large extent that fraud has been absorbed by retailers. Though there is some debate over the exact amount retailers absorb versus financial services companies, "it's all stacked against the retailers. Nobody [among the banks] has wanted to spend the money. There's no incentive," Litan said.

Experts insist that the superior security of these cards does not rely simply on the computer chip being more difficult to counterfeit than the magnetic stripe. PIN numbers certainly remain fallible, yet compared to signatures, they still offer far stronger security on the user end. Many of these cards don't only include a chip but require a PIN rather than a signature, a technology feature that experts say would have prevented the recent Target security breach, in which customer payment information was "skimmed" from the magnetic stripes on the back of the cards.

Even though PIN numbers were stolen in the Target breach, Litan said that PINs used with EMV systems work by unlocking the key for the chip, but the PIN itself "does not travel anywhere." And EMV can also use dynamic verification codes that change with every transaction.

(Read more: Google Glass coming to your local police beat)

If the U.S. were to adopt chip and PIN cards, 100 percent of retail transaction fraud would shift to e-commerce, Litan predicted. The thieves will find a way to adapt, but they can't clone a chip card like a magnetic strip card. "It would be a big step up—a huge step up," she said.

Embedded chips are more costly than the simpler magnetic stripes. The banks—and the U.S. payments duopoly of MasterCard and Visa—also make more money from signature card transactions than on PIN card transactions, one reason for the ambivalence about adopting chip and PIN versus chip and signature. PIN transactions can travel across more networks, and that competition keeps the cost of pin transactions down. Signature transactions, on the other hand, travel across two networks, Visa and MasterCard, ensuring virtually no competition—and keeping things less secure and more expensive for retailers and consumers.

As more markets have migrated to EMV, the concentration of fraud in those markets that have not migrated has accelerated, including the U.S., said Carolyn Balfany, senior v.p. of EMV at MasterCard, in an email statement. Balfany said now is the time for the U.S. to migrate to EMV cards, though she did not specify whether it supports chip and PIN or chip and signature cards, stating that each issuer and merchant manages their own business and technology decisions and whether, how and when to implement EMV. Visa did not respond to a request for comment.


Most Popular