Chip and PIN (or EMV) technology is on its way to a checkout near you whether your retailer likes it or not. With credit card fraud a growing problem for consumers, the USA is about to take the same major step up towards reducing it that was taken by most European countries over a decade ago. Seems logical, so why all the furore around implementing it?
At the moment almost all American owned credit cards use a swipe and sign method of verification. This security is fundamentally weak, and it is very easy to create a fake card. How many checkout clerks have you ever seen to make any real effort to check a signature, let alone verify that it’s the signature of the person it purports to be? With many debit cards a swipe and pin method provides some stronger security, but it is still relatively easy to clone a card using tools and data that can be readily bought off the internet. This ‘purchasable data’ by the way is the reason why data breaches such as the highly publicised breach at Target are so concerning – that credit card data could be used at almost any time and anywhere.
The chip and pin technology is far more difficult to clone. The chip contains not just account details but encryption and verification code which must be matched with the correct pin. So to use stolen credit card data you have to have the account details, the pin, and the correct encryption algorithms and key. This clearly represents a much higher barrier to credit card fraudsters than the current swipe and sign verification.
So why the resistance to introducing chip and pin in the USA? APAC is already far ahead in their deployments. Are American card users really so different than users in Europe and Asia? Is shopping fundamentally different? Will it take longer to validate cards by chip and pin than it will by swipe and sign?
Well, the answer to all of these is essentially no. In its recent survey ‘Security Matters: Americans on EMV Chip Cards’, NXP found that overall, the majority (69%) of Americans feel EMV chip cards make their debit or credit card transactions more secure. The reason for delaying the introduction of chip and pin seems to be down to retailers resisting the investment in new card readers. But now the card providers are going to force the issue.
From October 2015, any US retailer taking payment with any of the major credit or debit cards will be obliged to use chip and pin technology, or else accept full liability for any resulting fraud.
Will this tip the balance? It did in Europe when the card providers applied the same approach so it probably will in the USA too. Two other things happened in Europe when the technology was introduced. Firstly, travellers to countries early on the adoption curve put pressure on their own slower moving banks to catch-up. This pressure will be even stronger from US consumers who are finding it even more difficult to use their cards outside the US. Secondly, a few forward thinking retailers very quickly saw chip and pin technology as a differentiator, demonstrating that they took customer card security very seriously.
There is no-longer any doubt that chip and pin technology will become mainstream in the USA, so the time has come for American businesses to catch-up with Europe and provide up to date card protection for their customers.
Check out this video by CNBC: Future of Payments