MasterCard and Visa Push Hard for EMV Chip Adoption. But There’s Strong Pushback by Others.

May 27MasterCard and Visa Push Hard for EMV Chip Adoption. But There’s Strong Pushback by Others.

What do Canada, Mexico and most of Western Europe have that the U.S. doesn’t? EMV chips. That was too easy. The headline practically gave away the answer.

Now, here’s a question that’s a lot harder to answer. Why hasn’t the United States rushed to replace magnetic stripes on the backs of credit and debit cards with EMV microchips? Especially since they would eliminate a substantial amount of plastic fraud and make shopping safer for consumers? Not to mention for banks which generally have to pony up for credit card losses?

In her AP piece, Bree Fowler focuses on the players involved and explains who’s pushing for EMV, who’s pushing against adopting the technology…and most importantly why. The following has been edited to fit our format. You can find the complete article by clicking on this link.

Chips aren’t perfect, says Carolyn Balfany, MasterCard’s group head for U.S. product delivery, but the extra barrier they present is one of the reasons criminals often choose to target U.S.-issued cards, whose magnetic strips are easy to replicate.

“Typically, fraudsters are going to go to the path of least resistance,” Balfany says.

The chip technology hasn’t been adopted in the U.S. because of costs and disputes over how the network would operate. Retailers have long balked at paying for new cash registers and back office systems to handle the new cards. There have been clashes between retailers, card issuers and processors over which processing networks will get access to the new system and whether to stick with a signature-based system or move to one that requires a personal identification number instead. These technical decisions impact how much retailers and customers have to pay — and how much credit card issuers make — each time a card is used.

The disputes have now largely been resolved. And the epic breach of Target’s computer systems in December, which involved the theft of 40 million debit and credit card numbers, along with smaller breaches at companies such as Neiman Marcus and Michaels, helped garner support for chip-based cards among retailers who were previously put off by the costs.

Chip cards are safer, argue supporters, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer’s register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards, say experts, are also nearly impossible to copy.

For its part, Target is accelerating its $100 million plan to roll out chip-based credit card technology in its nearly 1,800 stores. New payment terminals will appear in stores by September, six months ahead of schedule. Last month, the retailer announced that it will team up with MasterCard to issue branded Target payment cards equipped with chip technology early in 2015. The move will make Target the first major U.S. retailer with its own branded chip-based cards.

Even so, the protections chips provide only go so far, according to opponents who note that chips don’t prevent fraud in online transactions, where consumers often enter credit card numbers into online forms. Some opponents also point to other technologies, such as point-to-point encryption, as better long-term solutions.

Ken Stasiak, founder and CEO of SecureState, a Cleveland-based information security firm that investigates data breaches, says that while chips would be a big security improvement, they wouldn’t have stopped the hackers from breaching Target’s computer systems where they also stole the personal information, including names and addresses, of as many as 70 million people, putting them at risk of identity theft.

“Chip and pin is just another security component,” Stasiak says. “What matters is how companies like Target use consumer information, how they protect it.”

Banks generally pick up the tab for credit card-related losses, but companies such as Visa and MasterCard stand to lose too, if data breaches continue to occur with increasing frequency. After all, if consumers don’t feel safe using cards, they may choose other ways to pay for purchases.

“It’s not just about fraud and losses, it’s about the trust involved in electronic payments that’s destroyed,” says Ellen Ritchey, Visa’s chief enterprise risk officer.

In March, Visa and MasterCard announced plans to bring together banks, credit unions, retailers, makers of card processing equipment and industry trade groups in a group that aims to strengthen the U.S. payment system for credit and debit cards. The initial focus of the new group will be on banks’ adoption of chip cards.

That comes ahead of a liability shift set to occur in October 2015, when the costs resulting from the theft of debit and credit card numbers will largely fall to the party involved with the least advanced —and most vulnerable— technology. For example, if a bank has updated to chip technology, but the retailer involved hasn’t, the retailer will be liable for the costs.

Stasiak says many of the retailers he works with already have the technology in place. Once the banks start issuing chip cards, the retailers will activate their new systems, he says.

Banks say that despite the jump in high-profile data breaches, fraud still accounts for a small fraction of total transactions processed, while the cost related to issuing chip cards to all of their customers and switching out all of their ATMs is substantial. Banks have urged lawmakers to make retailers more accountable for their own security in hopes of recouping more of the losses from cybercrime.

Richard Hunt, CEO of Consumer Bankers Association, says that in cases of major fraud, banks have generally been able to collect only pennies on the dollar from the retailers involved.

Hunt says even if banks put chips in cards, it won’t do any good if retailers don’t upgrade their systems.

“We have to improve fraud prevention across the board,” he says. “There are people who get up every day across the world with one mission and that’s to break credit card technology. But there’s no magic pill out there. The solution involves everyone.”

Leave a Reply

Your email address will not be published. Required fields are marked *