Recent problems at Target and Neiman Marcus have once again brought debit and credit card security into the headlines. But perhaps the issue should never have gone away. Last September, IndexCreditCards.com covered research from The Nilson Report that showed America to be the global leader in card fraud -- and not just because we're also global leader in card use (though we are). Fewer than one quarter of all the world's card transactions take place in the United States, but very nearly half (47.3 percent) of fraudulent ones occur here. In December 2013, the Federal Reserve published a study that showed $8.27 of every $10,000 spent on cards in the U.S. in 2012 was fraudulent. Using different methodologies, The Nilson Report found total losses from card fraud to be $11.27 billion that year, up 14.6 percent on 2011. The fact is: This country is a magnet for plastic fraudsters, both foreign and domestic. The question is: Why should that be?
Credit card chipsOne reason -- though far from the only one -- may be that America has been so late in adopting EMV. Those initials stand for the names of the three companies that originally devised the payments system ( Europay, MasterCard and Visa), and you'll know when you're able to use it because your debit or credit card will have a tiny microprocessor chip built into it. That chip does the same job as the magnetic stripe on the back of your current plastic, but it does it much, much more securely. It's a piece of cake for fraudsters to clone a card using a magstripe (a technology invented in the 1960s), but virtually impossible for them to do the same to an EMV card. On Jan. 14, Forbes published a world map showing the countries that had adopted EMV, and the U.S. was the only one that hadn't. Yes, even North Korea got there before us. You may suspect causation between that and the fact that Nilson says America was the only place on earth in 2012 to continue experiencing growth in counterfeit card fraud.
Chips not a panaceaAlthough a few experts argue that EMV chips are going to make little difference to the country's plastic fraud problem, most acknowledge it should help. The evidence from territories that have already adopted them (some, in Europe, decades ago) is simply too overwhelming to believe otherwise, absent an agenda. What are more convincing are these arguments:
- Cost. The same Forbes article that carried that map, included some industry estimates for the cost of implementing such a switch, and they ranged from $7 billion to $9 billion. That covers issuing new cards, and replacing existing point-of-sale terminals, but excludes some back office expenses. There would also be an ongoing cost, because an EMV card is about $1.25 to manufacture, while a magstripe one can come in at closer to 25 cents.
- Limited effectiveness. EMV prevents card cloning, but little else. It doesn't stop hackers accessing card information held by retailers, so would have had zero impact on the recent systems breaches suffered by Target and Neiman Marcus -- or any of the stream of companies that have been similarly embarrassed in the past.
- Applicability. EMV stops cloning, and reduces fraud at physical points of sale. But it's of no help during "card-not-present" (mostly online, mail order and telephone) transactions. Some expect fraudsters to maintain their current volume of crime while simply switching to those activities that don't require a physical card.
- Timing. Some experts suggest that America is catching up with the rest of the world just when it's too late. New payment methods using smart devices are quickly growing in importance, and we may see EMV finally implemented here just as plastic cards are being consigned to history.
- Implementation. So far, there's every sign American credit card companies are going to implement chip-and-signature rather than chip-and-PIN (personal identification number) solutions. The experience overseas suggests having to tap a PIN into a card reader is much more secure that just signing. And that Fed report from December found the same here: PIN debit cards have significantly less fraud than signature ones.
EMV is coming
Whether or not you buy them, all those arguments have almost certainly had their day. All the big payment processors (American Express, Discover, MasterCard and Visa) have published road maps outlining their plans to implement EMV, and are probably too far along their chosen paths to change course. As recently as Jan. 8, Chris McWilton, MasterCard's president for North American markets, wrote to stakeholders confirming his company's determination to remain on course.
Most tellingly, McWilton referred to a continuing commitment to a particular milestone, "liability shift." This will see any retailer that has failed to switch to EMV by a 2015 date assume liability for relevant frauds perpetrated on its premises. Right now, that liability rests with payment processors. That's a powerful incentive for brick-and-mortar merchants to adopt the technology.
It's up to your bank and credit card companies to decide if and when they issue you with plastic with chips (and whether they adopt chip-and PIN or chip-and-signature protocols), but 2014 is likely to be the year when many more start to roll them out to mainstream customers. Don't panic if yours are late to the game: EMV card readers are highly likely to be backwards compatible, meaning they can read a magstripe as well as a chip. But stand by to receive some smart new clone-proof cards!