Sunday, April 13, 2014

Why U.S. Retailers Are Still Vulnerable to Card Fraud

Bloomberg Business Week Technology Data Security

A chip-based EMV smart card
Photograph by Kristoffer Tripplaar/Sipa via AP Photo
A chip-based EMV smart card

After last year’s massive security breaches at Target (TGT) and Neiman Marcus, data security pros urged U.S. retailers to upgrade their credit and debit card technology to reduce fraud. Companies have been slow to embrace the more secure payment systems that have been widely used in Europe and Asia for years, mostly because of the expense and a lack of synchronization among retailers, credit card providers, and banks.

Many companies are behind schedule in updating their systems to comply with a chip-based smart card standard known as EMV (for Europay-MasterCard (MA)-Visa (V), the companies that first backed the technology). Credit card networks have set an October 2015 deadline for most U.S. merchants to upgrade their payment systems.

EMV is considered more secure because it’s harder to copy account numbers and security codes from chips than from the magnetic strips on most cards used in the U.S.  EMV cards create a unique code for each transaction, making them more difficult to hack or counterfeit than striped cards.

Merchant Warehouse, which processes credit and debit card transactions for 80,000 U.S. merchants, projects that only about 60 percent of its clients’ locations will be ready to accept chip-based cards by the deadline. Richard Crone, chief executive officer of payments advisory firm Crone Consulting, says more than half of U.S. merchants will miss the cutoff.

One reason for the delay is the upgrade’s high cost—$500 to $1,000 per payment terminal, according to researcher Javelin Strategy & Research, a division of Greenwich Associates. Retailers are also concerned that the switch will slow checkout times and that it remains unclear how the EMV software will work with debit cards. “It is not a question of just turning it on,” says Margaret Chabris, a spokeswoman for 7-Eleven (3382:JP). “EMV specifications are still being finalized.”

For terminals to provide added security, customers must have chip-enabled cards. “Part of the reason we haven’t pushed faster is there’re just no cards out there for acceptance,” Cook says. Today, with about 1 billion cards in use in the U.S., just 20 million chip cards have been issued, according to Smart Card Alliance. Only 20 percent to 30 percent of U.S. card holders will have the new cards by the deadline, says Nick Holland, an analyst at Javelin.

The new cards can cost up to $2 each, compared with pennies for the magnetic-stripe models. “We’ve got 10 million cards in inventory out in the field,” says Mark Putman, a senior vice president for First Data (KKR), which offers prepaid card services. “At $2, we are probably looking at a $20 million investment, which I am going to defer for as long as possible.”

Retailers are willing to do their part to improve security, the National Retail Federation says, but banks and card companies also have a responsibility to update their systems. That includes making and issuing chip-enabled cards.

The price for not complying could be high. Credit card companies have said most retailers and banks will be liable for some fraudulent in-store transactions if they don’t have the new system. Even so, “merchants aren’t crazy about this migration to EMV, and many of them are fighting it tooth and nail,” says Julie Conroy, an analyst at Aite Group.

1 comment:

  1. This is quite an interesting controversy. The benefits seem to be very good, except when it comes to price. America seems to always want the cheapest product, even when it comes with some disadvantages, just to save some money. Hopefully, the switch will come because more security appeals to me even if it costs a little more. After all, not updating often is more costly in the long run.