U.S. banks and retailers, a decade behind in deploying the secure, high-tech credit cards used elsewhere in the world, may take years longer to switch to a system that all but eliminates common types of fraud.
Under pressure from credit card companies, major banks and retailers have begun to roll out the cards, which carry a computer chip and advanced security software that keeps the customer’s account number and other details invisible, even if crooks manage to steal records from a store or bank.
But the conversion could take years to reach critical mass amid a squabble over who will foot the estimated $8 billion bill, and despite fears that scammers have been targeting the United States because of its outdated technology. U.S. credit card fraud rates, once the lowest in the world, have doubled in the 10 years since chip cards spread through Europe.
The theft of tens of millions of records from Target over the holiday shopping season has focused attention on the United States as a weak link. Lawmakers have begun to call for faster action to secure systems while law enforcement agencies investigate the massive breach, believed to be the work of sophisticated overseas hackers.
But even the obvious step of introducing state-of-the-art cards “will take time … the U.S. is the largest and the most complex market to move, so that will influence the migration,” said Carolyn Balfany, of MasterCard Worldwide. The large card companies have said that as of late 2015, they will hold merchants or banks who have not moved to chip-cards responsible for fraudulent purchases that the advanced cards would have prevented.
Balfany estimated that even by that deadline, the number of cards and terminals carrying the advanced technology may only be “in the midrange” – a vast improvement over the negligible numbers of chip cards and terminals currently in place, but one that would still leave many consumers vulnerable.
Fraudulent purchases using fake credit cards or stolen numbers can be a nightmare. Consumers are protected under federal law from paying for the purchases but must still deal with the potential damage to their credit record and worry about the risk of more serious forms of identity theft.
Across the country’s sprawling retail economy, however, the cost has been relatively small – about $1.1 billion a year lost to the fraudulent transactions chip cards are most likely to prevent, according to U.S. Federal Reserve data – an amount businesses have been willing to absorb rather than invest in a new system.
In a 2012 study, payments risk expert Douglas King concluded that fraud in the United States was low enough that the business benefit for chip cards had “yet to fully crystallize.”
The result: While the rest of the world has sped forward, U.S. shoppers remain at risk.
Unlike chip-bearing cards, data from magnetic strips are easily read by hackers, who can use the information to make fake purchases, produce counterfeit cards or use in other identity-theft schemes.
In Western Europe, where the chip technology first developed, more than 90 percent of retail terminals and 80 percent of cards have been shifted to the chip-based system.
The technology has not eliminated all fraud, but it has lead to a dramatic reduction in some staple criminal tactics. .
“Even if you do a systems breach, it makes the data much less valuable,” said Jack Jania, a senior vice president for Gemalto North America, the U.S. subsidiary of a Dutch card-manufacturing company.
“The U.S. is being targeted for these kinds of breaches specifically because you can clone our cards. And on the card black market, the fraudsters are sophisticated enough to know that.”