U.S. to Adopt EMV System by 2015
Large scale credit card thefts keep piling up, and now Washington D.C. is interested. Neiman Marcus and Target both testified before a Senate Judiciary committee this month regarding company-wide thefts that affected the data of 40 million Target shoppers and 1.1 million Neiman Marcus customers, further underscoring the susceptibility of magnetic strip credit cards to cyber theft.
Half the world’s credit card fraud takes place in the U.S., even though it accounts for just a quarter of credit card usage. Switching to the Europay, Mastercard, Visa, or EMV, system – an infrastructure that the rest of the world already employs – seems to be inevitable.
“Total fraud losses dropped by 50 percent and card counterfeiting fell by 78 percent in the first year after EMV smart cards were introduced in France in 1992. The United states has lagged behind because replacing all payment cards, updating ATMs to accept the new cards, and updating the terminals in retail stores all cost money,” said Delara Derakhshani of the Consumers Union during the senate hearing.
It’s not that the U.S. is apathetic. Fraud used to be relatively low in the U.S., but when Europe switched to EMV, fraud specialists began targeting U.S. companies. The magnetic strip on the back of credit cards provides a much easier target for thieves than a card that can only be used with a PIN number.
What Businesses Need to Know
In 2012, Mastercard released a strategy to switch to PIN and chip credit cards by October of 2015, with Visa also targeting the same date. Initially, businesses will need to upgrade their hardware to accept PIN and chip cards from their customers. Since chip and PIN cards will still feature a sign and swipe function, this type of technology won’t necessarily be required, but that shouldn’t deter businesses from making the investment.
As Mastercard’s Carolyn Balfany pointed out, the most important change related to credit card data lays in the shift of fraud liability. Important enough to warrant a “the” before its name, “the liability shift” means whichever party is using the newest technology when fraudulent transactions occur won’t be held responsible for the charges.
“So if a merchant is still using the old system, they can still run a transaction with a swipe and signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and Pin card to the customer, the bank would be liable,” explained Balfany.
The liability shift isn’t designed to pit merchants and banks against each other, but rather to align their incentives and encourage a smooth, coordinated transition to chip and PIN systems. And while the liability shift is still some ways off, it would behoove businesses to factor in the added costs of implementing chip and PIN hardware sooner than later. After all, businesses don’t want to be footing the bill for fraudulent charges that far exceed what it would have cost them to switch their POS hardware.