A recent piece in The Hill by the banking industry’s trade group told one side of the story when it comes to improving payment security, but here’s the other. It’s been one year since the highly touted Oct. 1, 2015 liability shift deadline in which retailers and credit card companies were required to transition to new chip-equipped credit cards – yet the U.S. remains one of the top three countries in the world experiencing the most card fraud.
In order to understand why chip cards have not been more effective in the U.S., we need to start with why the liability shift happened in the first place. Prior to chip cards, we relied on magnetic stripe cards first developed in the 1960s. These cards used magnetic stripes to house consumers’ financial information.
When the card was swiped, the card reader would process it, and then a consumer would sign to verify the purchase. As criminals became more aware of the vulnerabilities of these cards, they began stealing financial information using a variety of methods and then using the stolen data to make fraudulent purchases.
As these breaches became more commonplace and much larger in scale, big banks and card issuers became weary of shouldering the financial burden and needed to find a way to offload these costs. As such, they decided it was finally time to bring card security into the 21st century in the U.S. by eliminating the magnetic stripe. To encourage the transition to chip-enabled cards, they developed the Oct. 1 liability shift deadline.
Leading up to the highly publicized deadline, credit card companies were required to issue new chip-enabled credit cards and retailers were responsible for upgrading in-store point-of-sale terminals to be able to process the new cards. After Oct. 1, whichever party was using the older technology was then liable for any fraudulent activity.
However, when the rest of the developed world moved to chip cards decades ago, they moved to what is called chip and PIN, in which each card requires its own unique four-digit PIN as opposed to relying on a signature as a second form of verification. There is no denying that the move to chip cards is a step in the right direction, but the decision to opt for signatures instead of PINs leaves open serious security risks for consumers.
Chip and signature cards are great at combatting counterfeit card fraud, which makes up around a third of fraud in the U.S., but the cards fall short when addressing other common forms of fraud. The chip and PIN system on the other hand addresses counterfeit card fraud, lost/stolen card fraud and has the ability to be applied to online purchases – these three forms of fraud account for around 97% of U.S. fraud.
It’s no small distinction. This fight over these two payment security methods prompted retail giant Home Depot to file a lawsuit earlier this year against Visa and MasterCard alleging the companies are trying to block the use of PINs and pushing merchants toward accepting less-secure signature transactions to collect higher fees associated with signatures.
In addition to the security issues with the cards themselves, retailers have also faced the challenge of expensive hardware and software upgrades that cost anywhere from hundreds to thousands of dollars. And before a retailer can turn on a new chip card terminal, it has to be certified by the card issuer. This process can take months and cause thousands of dollars of fraudulent charges to pile up.
This laundry list of problems has directly led to the drastic disparity in consumers who have chip cards compared to merchant locations accepting them – 88% to 33%, respectively, according to a recent MasterCard report.
So while we may have come a long way from the magnetic stripe cards of the 1960’s, it’s clear that the poor planning and corners cut by the banks and card issuers have hampered the first year after the liability shift. It’s my hope that things will improve in the second year – starting with the implementation of chip and PIN – or else the U.S. will remain the top target for fraudsters for more years to come.
Debra Berlyn is President of Consumer Policy Solutions and leader of Protect My Data.
The views expressed by authors are their own and not the views of The Hill.