’Tis the season of good will toward all, family meals and traditions, and shopping.
Unfortunately, ’tis also the season of sophisticated criminal rip-offs, like the massive data breach at all 1,797 Target stores in the United States, affecting 40 million credit card users between Nov. 27 and Dec. 15. The thieves got customer names, credit and debit card numbers, as well as card expiration dates and the three-digit security codes.
The rest of the world has migrated to more secure embedded microchip-based cards. The United States should, too.
The Target incident, which hurt business in the crucial shopping weekend before Christmas, should make the change come sooner rather than later. Credit card fraud costs are heading toward the $10 billion mark.
Europe, Asia, Latin America and our neighbors, Canada and Mexico, already have adopted chip cards. They are the international standard for payment cards. More than 1.5 billion chip cards have been issued globally and more than three-quarters of payment terminals outside the United States accept chip cards.
The United States has been a laggard, sticking with the magnetic stripe technology of the 1960s.
Why? This country has relied on voluntary efforts by industry to make the move, and it just hasn’t happened. In other countries, government has stepped in to set uniform rules for all players. For example, the European Payments Council set rules for more than 8,000 banks in 38 European countries with a January 2011 deadline for adoption. Governments in Japan, Korea, Taiwan, Australia, South Africa and other countries also drove the change.
France and Germany have been using chip cards since the 1990s.
The United States, in contrast, has “let the payments industry decide what to do,” according to a 2011 report by First Data Corp., a global credit and debit card payments processor based in Atlanta. So merchants still use swipe readers and we consumers are stuck with magnetic stripe cards, which are prone to skimming fraud.
The total cost of implementation – replacing cards and readers in the United States – has been estimated to be about $8 billion. Compare that with the annual cost of credit card fraud of $8.6 billion. With a two- to three-year phase-in, First Data concludes that the cost of implementation “could be recovered quickly and all players could gain from a lower overall card fraud rate.”
Simply encouraging the U.S. card payment industry to develop its own standards to limit fraud is not enough.
“Other regions found it necessary to have financial regulators impose guidelines and deadlines on participants to enforce universal adoption,” First Data noted in 2011. “… While we want to believe that the U.S. payments industry can act on its own behalf, it just might take an act of Congress plus oversight by the Fed to get the process going and to mandate that all players participate by specific deadline dates.”
We have a chicken-egg problem here. Merchants won’t buy chip readers if banks aren’t issuing chip cards. Banks don’t want to issue chip cards because they collect fees from merchants to cover credit card fraud. A better card would mean less fee income for them.
This is a case where the government needs to act to level the playing field for all. Action by Congress would put the United States in sync with international standards for in-store, face-to-face payments. Magnetic stripe credit cards should go the way of eight-track tape.