U.S. banks are changing the security features of customers’ credit and debit cards in a long overdue measure to reduce card fraud. Cards will still work the old-fashioned way, but merchants who upgrade their systems to use the new security features will save money. They’ll also avoid the new liabilities for fraudulent charges that will be borne by merchants who don’t upgrade their systems…
A More Secure Credit Card
The new security feature is called EMV, and I explained it back in February. Briefly, EMV defeats counterfeiting of cards by cloning. A microchip on the card enables it to communicate interactively with a compatible card reader during a transaction, creating a one-time encrypted authentication token for each transaction.
More than half of the entire world’s credit card fraud occurs in the good old U. S. of A. That’s mainly because U. S. merchants have resisted EMV security because it costs money to upgrade all of those card readers and payment processing systems. The rest of the developed world started using EMV in 1993, so fraudsters have gravitated to the easier targets here in the U. S., and banks have gotten tired of it.
Security experts believe that the recent massive breaches at Target, Neiman Marcus and other retailers could have been prevented or at least greatly limited by the use of EMV-enabled cards with the embedded microchips.
Currently, when credit card fraud is committed the card-issuing bank usually eats the loss. But after October 2015, merchants who do not use EMV protection in their transactions may be liable for any resulting fraud losses. So you can save money by not upgrading to EMV technology, but your risk of credit card fraud losses will increase.
Paypal already sells an EMV-compatible card reader in the UK, so it should be readily available for U.S. merchants soon. Square, Inc., is offering merchants information on EMV and promising an affordable card reader that’s compatible with EMV. Square is also working on an update to its $99 Square Stand mobile POS system that turns an iPad into a secure transaction terminal.
Unlike the Paypal EMV reader, Square’s will not have a PIN pad, presumably to keep cost down. Instead, customers will “dip” the short end of a card into the reader so that the card’s embedded chip can communicate with the reader. Traditional mag-stripe swipes will still be supported, but as stated above such transactions will carry increased risk of chargebacks and associated fees after October, 2015.
Online-only merchants may think that EMV means nothing to them; after all, they never see a customer’s card. But fraudsters take the path of least resistance. When EMV is implemented by U. S. brick-and-mortar merchants, fraudsters will focus on e-commerce even more.
Protecting oneself against online card fraud will become more important than ever. In Europe, some credit card users have a device that allows them to swipe their EMV-enabled card and get an authentication code that can be used for online transactions. Let’s hope that U.S. banks and websites do likewise, and soon.
Your thoughts on this topic are welcome. Post your comment or question below…