Bloomberg Business Week Technology Data Security
Photograph by Kristoffer Tripplaar/Sipa via AP Photo
After last year’s massive security breaches at Target (TGT) and Neiman Marcus, data security pros urged U.S. retailers to upgrade their credit and debit card technology to reduce fraud. Companies have been slow to embrace the more secure payment systems that have been widely used in Europe and Asia for years, mostly because of the expense and a lack of synchronization among retailers, credit card providers, and banks.
EMV is considered more secure because it’s harder to copy account numbers and security codes from chips than from the magnetic strips on most cards used in the U.S. EMV cards create a unique code for each transaction, making them more difficult to hack or counterfeit than striped cards.
Merchant Warehouse, which processes credit and debit card transactions for 80,000 U.S. merchants, projects that only about 60 percent of its clients’ locations will be ready to accept chip-based cards by the deadline. Richard Crone, chief executive officer of payments advisory firm Crone Consulting, says more than half of U.S. merchants will miss the cutoff.
For terminals to provide added security, customers must have chip-enabled cards. “Part of the reason we haven’t pushed faster is there’re just no cards out there for acceptance,” Cook says. Today, with about 1 billion cards in use in the U.S., just 20 million chip cards have been issued, according to Smart Card Alliance. Only 20 percent to 30 percent of U.S. card holders will have the new cards by the deadline, says Nick Holland, an analyst at Javelin.
The new cards can cost up to $2 each, compared with pennies for the magnetic-stripe models. “We’ve got 10 million cards in inventory out in the field,” says Mark Putman, a senior vice president for First Data (KKR), which offers prepaid card services. “At $2, we are probably looking at a $20 million investment, which I am going to defer for as long as possible.”
Retailers are willing to do their part to improve security, the National Retail Federation says, but banks and card companies also have a responsibility to update their systems. That includes making and issuing chip-enabled cards.