Skip to main content

NEW YORK (TheStreet) -- Counterfeiting of bank-issued credit and debit cards is likely to fall precipitously during the next few years in the U.S.

By next October, most bank card issuers will have swapped out their payment cards for new ones that carry embedded microprocessor chips. The chips work to curtail card fraudsters' attempts to steal information during in-store transactions on point-of-sale terminals. Meanwhile, Apple (AAPL) - Get Apple Inc. (AAPL) Report recently released its own technology platform for mobile payments, called Apple Pay, which enables iPhone 6 customers to use their devices to make secure, electronic transactions with many bank-issued cards.

"Both payment systems will provide customers with a geometric jump in security against any card fraudster, including counterfeiters, who seeks access to personal information carried on payment cards during the card payment process," said Nick Holland, a senior analyst who leads the retail payments practice at Javelin Strategy, an industry research practice.

EMV is an industry group that was established by MasterCard (MA) - Get Mastercard Inc. (MA) Report , Visa (V) - Get Visa Inc. Class A Report and Europay in 1996 to develop a standard for embedded chip-card technology that would ensure global interoperability. Outside the U.S. the EMV standard has been well established and has proven to be effective in reducing counterfeit card fraud in more than 130 countries. For example, the United Kingdom experienced a 60% reduction in counterfeit card fraud from 2003 to 2013.

Image placeholder title

"We know from experience in other countries, where EMV-compliant chip technology is fully adopted, it makes a big impact in reducing counterfeit fraud," Stephanie Ericksen, vice president of risk products at Visa, told

Adoption of EMV-compliant chip technology has lagged in the U.S., however, and so major payment networks such as American Express (AXP) - Get American Express Company Report , Discover (DFS) - Get Discover Financial Services Report , MasterCard and Visa have developed a "carrot and stick" plan to accelerate deployment. They each independently set an October 2015 deadline for retailers to upgrade their payment terminals and for bank card issuers to become EMV-compliant. At that time, whoever has the weaker technology will have to assume the liability for any fraud that occurs.

Some payment networks have given ATM providers, gas and other fuel stations more time to revamp their payment terminals. For example, MasterCard has extended the deadline for domestic ATMs until 2016. American Express, MasterCard and Visa have all given "automated fuel dispensers," aka gas stations, until October 2017.

Regardless of the deadlines, many large retailers, some of which have been assaulted by counterfeiters during the past year, have been working behind the scenes to upgrade their in-store payment systems and to issue customers EMV-compliant cards. For example, Home Depot (HD) - Get Home Depot, Inc. (HD) Report started to work on the transition last year, and expects its 85,000 point-of-sale (POS) terminals in its 2,000 U.S. stores to be in compliance with the EMV standard early in 2015. Home Depot's Canadian store customers have been paying with embedded chip cards since 2011.

Target (TGT) - Get Target Corporation Report , which had the credit- or debit-card numbers and the card security codes of 40 million customers stolen last November through December, will re-issue its branded credit and debit cards with chip-and-PIN technology in 2015 after in-store terminals have been upgraded with EMV-compliant software. A Target spokesperson declined to comment on whether  the cards will continue to carry a magnetic stripe.

Even the White House has gotten involved in thwarting potential card fraud that might involve federal benefits payments. President Obama signed an executive order three weeks ago requiring the government to issue Social Security, pensions and veterans benefits through government-issued chip-and-PIN credit and debit cards. The government's replacement plan for benefits cards is set to begin on Jan. 1.

While payment networks monitor their transaction activity for anomalies that might signal criminal activity, the cards themselves that carry only magnetic stripes, are at risk. These cards contain no software security to protect personal information as they move from an in-store sales terminal to the card issuer for authentication and back. So counterfeiters have been able to steal this customer data with relative ease for years.

The EMV-compliant, chip card technology's "secret sauce" is the use of a dynamic, one-time cryptographic code. When a chip card is inserted into the slot on an upgraded payment terminal, the chip generates a dynamic cryptographic code for authentication of each transaction once, and only once. The dynamic code can't be reused. If the bank's authorization process discovers someone is trying to make a purchase with an old dynamic code, the transaction will be rendered invalid.

TheStreet Recommends

"The EMV chip card solution (with its dynamic code protocol) is vastly more secure than the mag stripe that has absolutely no security on it," said Thad Peterson, a senior analyst at Aite Group, a business technology and financial-services research firm.

At a minimum, EMV compliance requires that each payment card carry an embedded computer chip. However, the federal government and many retailers also will require customers to supply a PIN number in place of a signature to complete transactions.

The chip-and-PIN version of the EMV-compliant technology is widely used overseas. In the U.S., it is expected that most bank cards will continue to have magnetic stripes as well as chips for a few years while retailers, gas stations and other merchants bring their U.S. payment terminals into EMV compliance.

One reason the U.S. has been behind the rest of the world in moving to chip cards is cost. Upgrading the credit- and debit-card payment systems is an expensive proposition. Upgrading point-of-sales terminals to accommodate both mag stripe cards and chip-embedded cards will cost more than $6.8 billion, according to Javelin Strategy. And that figure doesn't include expenditures for software, staff training, consumer education and terminal maintenance.

While there are already 53 million chip-enabled credit card and 10 million chip-enabled debit cards in the U.S. market, Javelin estimates that by 2018, there will be 609 million debit cards and 600 million credit cards in the U.S. market, all chip-enabled.

From a consumer standpoint, it's doubtful that many shoppers will mind a minor inconvenience if it means weakening counterfeiters. For instance, Lynne Baronoff, a retired CPA in Myrtle Beach, S.C., has shopped at Sam's Club and Walmart (WMT) - Get Walmart Inc. Report with her chip-embedded cards since August.

"I did worry some about card fraud before with the mag stripe cards," Baronoff said. "The chip cards are as easy to use, if not easier than the mag stripe ones. However, the transaction takes a little longer to complete, and the card must remain in the card reader throughout the entire transaction."

The EMV-compliant chip technology isn't the only new secure transaction product hitting the market. A few weeks ago, Apple released its Apple Pay Platform technology. Instead of chip-based circuitry in cards, the Apple Pay platform uses Near Field Communications, or NFC. This is a radio transmitter and receiver, designed to transmit data in very short distances.

Apple Pay facilitates secure transactions through the use of tokens issued by the banks. These are short pieces of encrypted software code, which contain all the data required to complete a transaction, similar to the data held in mag stripes and chip-embedded cards. The actual customer data remain with the banks that issued the cards. When a customer makes a purchase using his iPhone6, a software token is sent to the card issuer who decrypts the transaction data for review. So neither Apple nor the retailer ever sees any customer information.

"In my opinion, Apple Pay is as secure as or more secure than a chip card because it uses a biometric, your fingerprint, to authenticate the transaction, instead of a PIN or a signature," said Peterson at Aite Group. "And if you lose your device and activate Apple's 'Find my iPhone' app, it shuts Apple Pay down immediately. So there is virtually no risk of a customer losing his data or having it stolen."

Meanwhile, counterfeiters have heightened their activity in the U.S. in anticipation of the October 2015 deadline for rolling out EMV-compliant cards.

"They know their window of opportunity is closing, and will be shut once chip cards are widely implemented in the U.S. market," said Julie Conroy, research director at Aite. "Counterfeit fraud will dramatically decrease once chip cards are widely implemented in the U.S."

Doug Johnson, a vice president at the American Bank Association, added, "A year from now, unless a customer loses their chip-enabled card, it will be extremely difficult, if not impossible, for a criminal to make a transaction in a store using stolen data. Of course, over time every technology has the potential to be compromised, so criminals will figure how to compromise this system, too. So we just have to keep working to stay ahead of them."

At the time of publication, the author owned shares of Apple.

This article is commentary by an independent contributor, separate from TheStreet's regular news coverage.