Each year, millions of Americans suffer credit card fraud. So why did card issuers cut corners on card safety?
You would think there are some very good reasons to improve the security of credit cards in America — 15 billion and 13.1 million, to be precise. Those are the number of dollars stolen and victims who lost that money in the last year, respectively, according to estimates from Javelin Strategy & Research. The number of victims increased from 12.7 million in 2014, though the the amount stolen declined from about $16 billion. It’s not bailout money, but it’s a big sum lost each year to hackers and identity thieves. And while the US is starting to make cards safer, we still lag behind the rest of the world thanks to Visa and Mastercard.
A year after the U.S. reached an important deadline in shifting toward “chip” credit and debit cards, the use of these new cards that require a dip rather than a swipe has grown dramatically. That’s good news for safety minded cardholders. But the transition has been far from smooth, and some argue that issuers – namely Visa and MasterCard – failed to get merchants and consumers on the chip bandwagon. Big time.
Although the shift to so-called chip-enabled EMV (Europay, MasterCard and Visa) cards has proven to reduce fraud anywhere they’ve been introduced, the change has been met with a lot of complaints in the U.S. Last October, banks began making merchants liable for fraud caused by their older swipe-only card scanners, forcing retailers large and small to reluctantly spend hundreds to thousands of dollars on newer terminals. Merchants also aren’t particularly happy with the added time chip cards require to process, a particular problem during the holiday shopping season, which last year saw some stores disabling the dip option on their card readers in order to speed up the checkout process.
But despite all the headaches and expense by retailers to shift to EMV cards, there is one glaringly obvious measure that card issuers could have taken: requiring consumers to enter a PIN number to finalize a transaction similar to the way shoppers already do it with their debit cards. Instead, when Visa and MasterCard began urging merchants to shift to chip-enabled card readers last year, they decided against the so-called chip-and-PIN option that would have made transactions at both physical and online stores more secure. Instead, American consumers use the so-called chip-and-signature system — a half measure in the eyes of many experts and far less secure.
“It would have been wiser to go all in and introduce the PIN rather than taking a bit of a half-step with the signature,” Matt Schulz, the senior analyst at CreditCards.com, told Salon. “How many people use debit cards with a PIN on a regular basis? It’s not like it’s a completely foreign concept, so it seems like there was a missed opportunity.”
Some observers have pointed out that the decision to avoid requiring PIN numbers on credit cards was a conscious effort by Visa and MasterCard to steer consumers toward their more expensive payment processing networks. Signature-verified transactions earn the two top card processors 1 to 2 percent in fees — far more than they collect on PIN-verified transactions.
“By rolling out chip-and-signature in the United States, the banks are giving us 20th century technology when we’re already well into the 21st century,” Craig Shearman, vice president of government affairs and public relations at the National Retail Federation, told Salon. “If we’re going to go with the chip system at the very, very least it needs to be chip-and-PIN. It’s a baseline for modern credit card security, not something we should have to be asking for.”
Meanwhile, new technologies are emerging that could bolster credit card security even further. Developers are working on biometric payment systems that would use facial recognition software and thumbprint scanners. And ultimately Visa and MasterCard could one day face the prospect that credit cards themselves may become obsolete as new more secure ways of processing electronic transactions come online.
Maybe by then the U.S. will have caught up to the rest of the world in credit card security.