NEW YORK (MainStreet) — Call this the year plastic cards struck back, Last year may have been all about Apple Pay and new-style mobile payments, but this year plastic is making a comeback and the new security features just may wow you.
The biggest change - the birth of a 21st century card: that means a plastic card with a computer chip will appear in just about every wallet and purse. This will welcome the game-changing transformation of dumb plastic into the smart kind that are EMV-equipped (Europay, Visa, MasterCard, the three big networks that shaped the standards). But understand, there are lots of changes occurring in addition to the roll-out of EMV chip cards by an October 2015 deadline.
Case in point: Visa now has announced new technology that in effect will empower a customer’s smartphone to track his location. What’s cool about that is it will reduce erroneous declines by an estimated 30%, said Robert Boxberger, president of San Francisco based mobile identity company Finsphere which created the technology that powers the Visa tool. How? When a Brooklynite saunters into a Detroit big box store and seeks to buy, say, six flat screen TVs, the chance that purchase will be declined as probable fraud hover around 100%. But not with the Finsphere tool turned on. That’s because it will use the issuing bank’s mobile app to track the rightful owner using built-in cellphone tools. If the Brooklynite has his phone on his person, the phone knows he is in fact in Detroit and probably the purchase will go through.
That also eliminates the need to contact card issuers to say you will be in Russia for the next ten days, please don’t reject my charges - and much of the time banking insiders privately acknowledge those well meaning travel reports get misfiled anyway. This Visa tool automates it by using as the tracking device the phone we all carry everywhere anyway. Intentions are to make the service opt in, meaning those who don’t want to be tracked, even for good reasons, can say no thanks.
Upping the Ante With Tokenization and More
MasterCard, meanwhile, has announced that this year it will pilot biometric authentication - involving voice, facial recognition and fingerprints - in a project involving First Tech Federal Credit Union, based in Mountain View, Calif. The idea is to harness biotech to validate otherwise iffy charges. Other biometric modalities - such as eye scans and heart rate monitors - may come into the authentication picture in other tests, said experts.
But more will happen, in particular the introduction of tokenization and encryption to credit card transaction data, predicted Paul Kleinschnitz, a senior vice president at First Data, the Atlanta-based credit card processor. Apple Pay users know those terms, because what they mean is that card data is effectively rendered useless to thieves. The real card data in an Apple Pay transaction resides not at a merchant but in a so-called token vault which are operated by Visa, MasterCard and American Express.
“Perimeter solution is not enough," said Kleinschnitz. "Your borders will be breached. Encrypt the data, tokenize it.” He elaborated that the large credit card breaches of the past year - at Target, Home Depot, etc. - would not have amounted to anything if the data had been tokenized and encrypted. The thieves might have made off with data but it would have been gibberish to them.
Even better: you, the cardholder, won’t have to do a thing. Tokenization and encryption will be implemented by big companies simply because they recognize that big breaches mean bad publicity and that is awful for the bottom-line.
EMV Arrival Shifts Burden of Responsibility
The last big change is the arrival of EMV which - according to Visa and MasterCard directives - means there will be a liability shift on October 1 involving who foots the bill for fraud. Historically a lot of the cost has been absorbed by card issuing banks. After October 1, the liability belongs to whichever party is less compliant with the new EMV standards which, for retailers, require new card terminals that can read chip cards, rather than the legacy magnetic stripe cards.
For card issuers, the requirement is that they replace magnetic stripe cards with chip cards.
On paper, all of that seems necessary, because most agree that mag stripe cards - whose key data can be copied by cheap readers sold online and imprinted on blank card stock by criminal beginners - are an antiquated menace. The plus of chip cards is that rather than the static data on mag stripe cards theirs is dynamic, effectively putting card counterfeiters out of business.
But the changeover won’t be easy. Most experts believe that no more than 50% of retailers will be chip ready on October 1. The big retail point of sale systems companies are backed up with chip terminal conversion jobs. But don’t expect miracles. Many retailers will be lucky to be chip ready by the end of 2016.
On the card issuer side - that is, banks - matters are worse. Greg Garson, a banking expert with consultancy High Start Group, said issuers “will be lucky to have 30% of their card reissued with chips by October 1.” The problem: there is a shortage of the computer chips pressed into the plastic and there’s no likely cure except time.
Look in your wallet. How many chip cards do you have? Likely none, or maybe one. Issuers are said to be focused on reissuing first to high volume customers, also to those who travel abroad (Europe has been EMV compliant for some years). More casual customers who rarely travel overseas likely won’t see new chip cards until well into 2016.
Want one sooner? Get a card fast by calling your issuers and requesting one, suggest experts. Say you have a trip to Europe planned. Issuers know many European terminals will not accept mag stripe cards. And that probably will be good enough to get you the chip card you want. You’ll get a counterfeit-proof card in the bargain. Add in tokenization and encryption of data, perhaps a biometric, probably some kind of smartphone location tracking and 2015 is indeed shaping up as the year cards got smarter and safer.
—Written by Robert McGarvey for MainStreet