Who’s robbing you blind? It’s not just hackers – Visa, MasterCard and the banks could have given you a fraud-safe credit card but didn’t
You would think there are some very good reasons to improve the security of credit cards in America: 15 billion and 13.1 million, to be precise. Those are the number of dollars stolen and victims who lost that money in the last year, respectively, according to estimates from Javelin Strategy & Research.
The number of victims increased from 12.7 million in 2014, though the amount stolen declined from about $16 billion. It’s not bailout money, but it’s a big sum lost each year to hackers and identity thieves. And while the U.S. is starting to make cards safer, we still lag behind the rest of the world on credit card security.
A year after the U.S. reached an important deadline in shifting toward chip-embedded credit and debit cards, the use of these new cards that require a dip rather than a swipe has grown dramatically. That’s good news for safety-minded cardholders. But the transition has been far from smooth, and some people argue that banks and payment processors have failed to get merchants and consumers on the chip bandwagon. Big time.
Although the shift to so-called chip-enabled Europay, MasterCard and Visa cards has been proven to reduce fraud anywhere they have been introduced, the change has been met with a lot of complaints in the U.S. In October 2015, payment networks led by MasterCard and Visa began making merchants liable for fraud caused by their older swipe-only card scanners, forcing retailers large and small to reluctantly spend hundreds to thousands of dollars on newer terminals.
Merchants also aren’t particularly happy with the added time that chip cards require for processing, which is particularly a problem during the busy holiday shopping season; last year some stores disabled the dip option on their card readers so as to speed up the checkout process.
But despite all the headaches and expense involved with retailers’ shifting to the new cards, there is one glaringly obvious measure that card issuers could have taken: requiring consumers to enter a PIN number to finalize a transaction similar to the way shoppers already do so with their debit cards. However, when Visa and MasterCard began urging merchants to shift to chip-enabled card readers last year, the banks didn’t require payments through their networks to use exclusively the much safer so-called chip-and-PIN option. Instead, American consumers use a chip-and-signature system — a half measure in the eyes of many experts and far less secure.
“It would have been wiser to go all in and introduce the PIN rather than taking a bit of a half step with the signature,” Matt Schulz, the senior analyst at CreditCards.com, told Salon. “How many people use debit cards with a PIN on a regular basis? It’s not like it’s a completely foreign concept, so it seems like there was a missed opportunity.”
Some observers have pointed out that the decision to avoid requiring PIN numbers on credit cards was a conscious effort by Visa and MasterCard to steer consumers toward their more expensive payment-processing networks. Signature-verified transactions earn the two top card processors 1 percent to 2 percent in fees — far more than they collect on PIN-verified transactions.
“By rolling out chip and signature in the United States, the banks are giving us 20th-century technology when we’re already well into the 21st century,” Craig Shearman, vice president of government affairs and public relations at the National Retail Federation, told Salon. “If we’re going to go with the chip system at the very, very least, it needs to be chip and PIN. It’s a baseline for modern credit card security, not something we should have to be asking for.”
Meanwhile, new technologies are emerging that could bolster credit-card security even further. Developers are working on biometric payment systems that would use facial-recognition software and thumbprint scanners. And ultimately Visa and MasterCard could one day face the prospect that credit cards themselves may become obsolete as new more secure ways of processing electronic transactions are introduced.
Maybe by then the U.S. will have caught up to the rest of the world in credit-card security.