The major credit card companies—Mastercard, Visa, Discover and American Express—along with the major banks that issue their cards, have set a deadline of October 2015 for widespread adoption of new, more financially secure credit cards in the U.S. The cards, with so-called EMV technology, have an embedded microchip that limits the amount of financial and personal data transmitted to a retailer at the point of sale. That means there’s less chance of fraud or a devastating data hack down the line.
As of October, retailers will be responsible for the cost of credit-card fraud if they haven’t invested in and deployed new card-readers that exploit the new chip-cards. Card-issuers, meanwhile, have made a commitment to replace as many as possible of consumers’ old-style magnetic-stripe cards by the October deadline. Those old cards are easier to use for fraudulent purchases after the physical card has been stolen; the data communicated at the point of sale via the magnetic stripe is also easier to hack and use after purchase, once it is stored on the servers of a retailer or other financial institution.
CreditCards.com released a survey this week finding that as of February 2015, only three in ten American credit-card-holders had a chip-card. Senior industry analyst Matt Schulz says he doesn’t believe card-issuers will meet their own deadline of October 2015 for widespread adoption. Nor will retailers, he says; current estimates are that 25 percent or fewer of retailers have already deployed chip-card readers. Deployment is higher at major retailers such as Target and Walmart.
“Since the Great Recession,” says Schulz, “banks and retailers are definitely cautious when it comes to spending the money to make this investment.”
Mallory Duncan, a spokesman for the National Retail Federation, estimates the cost of updating points-of-sale for retailers may be as high as $25 billion to $30 billion. The cards themselves cost approximately $1 each, compared to $0.25 each for magnetic-stripe cards, says David Robertson of the Nilson Report. He says that cost is mostly borne by the credit-card industry.
And Duncan says the anti-fraud value of the new cards is dubious. “There’s actually more hype than hope,” he says. That’s because card-issuers have opted to pair chip-enabled cards in the U.S. with signature verification at the point of sale. In Europe, where chip-cards have been in use for years and are nearly ubiquitous, the cards must be verified with a unique secret PIN entered by the card-holder. Signatures are easily forged, meaning a stolen card can still possibly be used to purchase expensive goods after it’s stolen. Without the PIN, a stolen card in Europe is much less likely to be used after it’s stolen. Online fraud is still possible with both types of cards, since credit-card use that's not done in person doesn't utilize, and isn't protected by, EMV microchip-plus-verification functionality.
David Robertson at the Nilson Report explains that Americans typically have more credit cards than Europeans, and Americans tend to use their multiple cards for revolving credit. He says Europeans typically use a single charge- or debit-type card, which either deducts the purchase amount from their bank account immediately, or requires the consumer to pay off the full balance at the end of each month.
In the U.S., says Robertson, introducing PINs to validate each in-person credit card transaction would mean, “you’d have four or five different PINS on your credit cards. It makes it tough, and the card-issuers don’t want to be in that place.” Robertson says card-issuers worry people will forget their multiple PINs, and stop using most of their cards as a result.