Chip and Pin: Not a Simple Quick Fix

In her article, 'Debit or Credit' Becomes A Point-of-Fail, Kelly Jackson Higgins discusses how recent data breaches have spurred retailers, lawmakers and the banking industry to seriously rethink security options for card payment systems. She includes the following third-party observation:

"Banks have gone out of their way to make us [consumers] feel comfortable. They're just charging the retailers for this, but it's going to hurt the retail industry," says Avivah Litan, distinguished analyst with Gartner. "Maybe banks will now move on chip and PIN" sooner, she says.

While it is true that retailers pay a disproportionate share of fraud costs and the reality of recent data breaches will goad banks and retailers both to make changes, we must be sure that they are the right kind of changes. The move to a computerized chip embedded in the card is not the complete solution to fraud in the United States.

First, merely adopting the chip cards without the requirement of PIN numbers, as the credit card companies had proposed, is a half-measure that will not make customer data and card transactions wholly secure. Yes, the chip is extremely difficult to counterfeit but without the second layer of cardholder authentication offered by the PIN, it does not solve for lost or stolen card fraud or Internet fraud.

Secondly, it’s important to note that the standard called EMV that the major card brands, Visa and MasterCard, are pushing for is actually their proprietary technology and opens the door for them to extend their already-powerful duopoly. Merchants are concerned that adopting EMV will allow the credit card companies to maintain their dominance in this technological arena and as a result prevent a competitive market from forming, perhaps one that moves beyond cards to customers using their mobile devices to make purchases.

No good can come from this kind of non-competitive market. We’ve seen proof of that with the credit-card companies’ exorbitant swipe fees. If the duopoly of MasterCard and Visa stymie competition in technology, too, in the long run it only ends up hurting both consumers and merchants.

Card Fraud More Common in United States than Europe

As more information about the recent rash of data thefts comes to light and additional breaches are discovered, it is becoming ever more apparent that the credit/debit payment system in the United States is broken. New statistics only bolster that reality.

Take for instance a recent Nilson Report, which showed that while the U.S. accounts for only 27% of the credit card transactions worldwide, it is in fact responsible for 47% of card fraud. Or a report from Aite Group and ACI Worldwide, which surveyed more than 5,000 consumers in 17 countries and found that the United States, along with Mexico, is more susceptible to fraud with 42% of respondents saying they have been victims of such fraud.

Why are these data breaches happening at a greater rate in the U.S. than say in Europe?

Simply put, it is because the United States continues to rely on an outdated magstripe payment card whose required signature authorization can be easily plagiarized and used to create a host of fraudulent cards. Most European countries, on the other hand, follow the EMV standard, which uses a microchip technology that offers consumers, merchants and banks much greater security.

But it will take several years for the EMV standard to be put into practice in the United States, as it requires banks to update their card systems. This promises to be a costly investment and banks no have motivation to make that investment because merchants bear the lion’s share of the consumer fraud costs.

In the meantime, American consumers remain sitting ducks as our credit and debit cards remain acutely vulnerable to criminals.

To read more about the Aite Group/ACI Worldwide survey, see the Forbes article here.