Hosted by Kai Ryssdal

Get the Podcast

Get the Podcast

• Apple
• Spotify
• Amazon Music
• Stitcher
• RSS

IT’S JUST TOO BAD

There was Target.  Nieman Marcus.  CitiBank.  Between 2012 and 2013, the number of data breaches involving credit or debit card information increased by 41.2%. 

It’s really too bad there isn’t some way to use modern technology to dramatically reduce credit card fraud. 

Oh.

Wait.

There is. 

And has been. 

FOR ALMOST A DECADE.

CHIP & PIN

It’s called Chip & Pin technology, also known as EMV, it’s a little cryptographic chip embedded in the card, and unlike those magnetic stripes, it doesn’t just hold all your info unencrypted for every Tom, Dick, and Harry with a card reader or hacking skills to copy or scan or download.  And there’s the added protection of a PIN.

 “The types of breaches we’ve seen recently would’ve been prevented by the use of this chip and pin technology,” says Chester Wisniewski, senior security advisor with Sophos. “It makes it much harder for thieves, and it’s had widespread use in Europe and everywhere else.”

UM, WE INVENTED THE CREDIT CARD.  WHY DON’T WE HAVE THAT TECHNOLOGY HERE?

There are a few reasons. 

COST 

“One of the big obstacles is the expense,” according to Bill Hardekopf with Lowcards.com, a consumer resource website.  “Retailers would have to get a different credit card processor, probably about a $200 expense per terminal for each checkout lane.”    

Doable for large retailers, less so for small businesses, expensive for everyone.  Card issuers and banks would have to pay to make the more expensive cards too.  Small retailers, according to Wisniewski and other analysts, have been particularly resistant.   Businesses would be laying out money for the benefit of banks, in a sense, since it’s the banks which are often liable for fraudulent purchases.

But that doesn’t explain why we’re behind the rest of the world.  

WE DIDN’T NEED THIS KIND OF TECHNOLOGY BACK IN THE DAY

“There wasn’t really the same demand to address fraud in the United States as there was in other parts of the world,” says Andrew Davidson, senior vice president at Mintel. “Fraud wasn’t as big of a deal as it was in say Europe.”

Old tools used to be enough to deal with the fraud problem.  “Previously,” says Doug Jones, vice president of risk management policy the American Bankers Association, “we were able to depend on our neural networks that looked for unusual transactions.”  It seemed to work, “it didn’t create a difference in terms of the amount of fraud we saw compared to what was seen in other countries.”

Until, of course, it did. 

As other countries have adopted more secure credit card technology, the U.S. has become the fraud basket case.

NOBODY MADE US ADOPT IT. SO WE DIDN’T.

Some governments forced adoption of Chip & Pin, ours didn’t.

“We don’t tend to legislate these requirements,” says Jones.  “That serves our economy well in the long run but in this particular instance it did slow down the process.”   

You’re talking about the largest economy in the world and a large number of financial institutions and retailers that have to make this shift.  A little like herding cats. 

GOOD NEWS! WE’RE GETTING NEW CARDS. SOON. PROBABLY.

“Now is the time that the U.S. should upgrade to chip technology,” says Mastercard’s Senior Vice President for U.S. Product Delivery, Carolyn Balfany. 

Mastercard has been pushing the new technology in the U.S. for several years, and in 2012 issued a “roadmap” for the country to migrate. 

Many credit card companies have started to issue the new cards, in small batches.  “They’ve started with international travelers,” says Balfany, since it can be inconvenient to use the U.S. backwards cards abroad.  “But they’re rolling that out more broadly.” 

On the merchant side, some larger retailers are already installing new cardreaders.  “They’ve been in the process of beginning that for some time now and will continue on over the next couple of years.”

One tool to push the process along is a “liability shift” which will start taking place in October, 2015 for Mastercard, a year later for Visa.  Usually, a bank has to cover a bogus purchase.  But starting in October  2015, a retailer will have to suck it up if it hasn’t changed its card reader. 

“Many of the larger retailers and banks have come out in industry conferences expressing their intent to migrate around that October 2015 time frame,” says Balfany.  “I think we’re gonna see some really good movement.”

Stories You Might Like

Why retail data hacks keep happening

Mastercard is saying goodbye to the magnetic stripe

Are chip cards worth the wait at the checkout line?

Talking credit cards help visually impaired people prevent abuse

A credit card you have to activate with your finger

A new form of ID theft: account takeover