It has been more than four months since the October 1 “liability shift” — a deadline touted as a major step forward toward improving credit card security. However, the reality is that nothing has really changed since then for consumers. As Americans prepare to celebrate Valentine’s Day weekend with their loved ones and buy those special cards and gifts, they must not assume a false sense of security.
The one thing the October 1 date did mark is a shift in the liability (both monetary and otherwise) — from card issuers to retailers — in the event of payment fraud. Retailers were expected to update their point-of-sale payment terminals to accept chip-enabled, otherwise known as EMV, payment cards.
Many American businesses and retailers — both large and small — have spent the last year investing billions of dollars in upgrading their in-store hardware and software. Nowadays, in the event of fraudulent transaction, a retailer with an EMV-compliant point-of-sale terminal will not be held accountable if the card issuer had provided the consumer a chip-equipped card. If the card issuer did not provide the consumer a chip-equipped card, then the card issuer would bear the financial loss. If the retailer had not installed an EMV-compliant point-of-sale terminal, and the consumer had been issued a chip-equipped card, the retailer would have been responsible for the loss associated with the fraudulent transaction.
It seems like a fair enough tradeoff. However, the banks and other financial institutions have made insufficient progress in distributing these cards to their customers.
According to merchant-services provider Harbortouch, only one out of five Americans has used an EMV card. In addition, even those who do have an EMV chip card are not as protected as they could and should be. While this is troubling for everyday consumers who are rightfully fearful of having their personal financial information misused, the card issuers can seize this opportunity to advance payment security one step further and provide greater safeguards for consumers.
Chip-card technology relies on an embedded microchip to house our financial information, as opposed to the nearly-half-century-outdated magnetic stripe. In theory, replacing the stripe with a computer chip would make it considerably harder for thieves who are able to infiltrate the swipe systems in payment terminals. In reality, these chip-equipped cards are still vulnerable to fraud because they continue to rely on an even more outdated form of authentication: our signatures.
But another form of technology, one that has been used around the world for decades, can solve that problem. Chip and PIN technology uses a combination of EMV and personal identification numbers (PINs) to safeguard consumers’ information. Instead of just a simple signature, consumers are required to enter a numeric code at checkout to finalize a transaction.
Should a thief somehow counterfeit a consumer’s card, it would still be useless at checkout without the knowledge of that person’s PIN. However, as things currently stand, a thief can simply forge an individual’s signature and potentially walk away with stolen goods.
Despite the overwhelming evidence of chip and PIN’s success, Visa, MasterCard and other financial institutions insist on issuing chip-only cards, arguing that consumers would have trouble remembering an additional passcode. In actuality, the big banks and credit card companies are cutting corners to protect themselves, forgoing the added PIN feature to preserve their business model of charging fees for processing transactions.
The half measure approach of still relying on signatures, instead of the clearly more secure chip and PIN combination, exposes American consumers to unnecessary risk. And while chip and PIN cards are not a cure-all for all credit card fraud in the United States, it is considerably better than the ineffective use of signatures as the basis of any consumer safeguard.
Given the lack of progress on transitioning to chip-cards thus far, financial institutions should take this opportunity to consider the success of chip and PIN around the world and upgrade their cards with this two-prong system.
Consumers deserve the best payment security system available — and that system is chip and PIN.