By the end of 2015, banks and retailers are expected to replace credit and debit cards with new chip cards, 575 million to be exact (that’s a little more than half of the cards issued in the United States).
The effort is an attempt to curtail the hacking of personal information and account access by criminals around the world, which most recently has affected customers of Shaw’s grocery stores. Last holiday season, millions of Target customers had their card information stolen.
But it’s not just big retailers that have been targeted by hackers. In 2013, a local bagel shop was also victimized. According to Javelin Strategy & Research, credit card fraud totaled $18 billion last year alone.
Chip cards, which have been in wide use for many years in Canada, Asia and Europe, have been hard to catch on here in the States.
“Businesses didn’t want to invest in new technology until the card companies issued the plastic to consumers, while the card companies didn’t want to give them to customers until there was a place they could be used,” wrote Robin Sidel for the Wall Street Journal.
But with these massive breaches going on with regularity, it was a just a matter of time before the financial losses to credit card issuers and other lending institutions forced the issue.
The new chip cards will incur costs for retailers, who will be required to update or replace card readers. The new cards will also force consumers to make some changes.
“Although the cards still have a magnetic strip on the back to use at merchants that haven’t upgraded their technology,” noted the Wall Street Journal, “the computer chips don’t work with a swipe at the register. Instead, shoppers slide the card into the bottom of the terminal and leave it there while the purchase is processed.”
According to the Journal, each transaction made with a chip card has a unique code attached to it, reducing the chance that stolen card data can be used to make fake credit cards.
“Such cards likely wouldn’t have prevented the hacking at Target, but the card data would have been useless to them,” wrote Sidel.
While most of the new cards issued by the end of next year will be chip and signature cards, many businesses in Europe and Asia are using chip and PIN cards, which also require a customer to enter a PIN for an added level of security.
But even smartcards won’t stop hackers from stealing data and gaining access to credit accounts, maintained Ross Anderson, who spoke this year at Black Hat (an annual convention for network security).
He said sophisticated criminals could still steal PINs from certain card readers and others could install malware to capture data.
However, Anderson told PC Magazine’s Max Eddy that chip and PIN cards are technically superior because they are harder to clone.
But in Europe, there has been some controversy with the chip and PIN cards. Many issuers have stopped covering the cost of fraud and shifted the expense to merchants, who end up footing the bill.
Anderson was also critical of the hodgepodge way that chip and PIN has been rolled out around the world.
“(Chip and PIN) isn’t a single protocol,” he told PC Magazine. “It’s a big, random, crafty toolkit to build payment protocols. You can either come up with something that is really secure, or something that is bloody awful.”
We can expect that there will be some confusion over the next 18 months as the new cards and readers are rolled out, but any progress is better than worrying that every time we swipe our cards our information might be stolen. We know it will prove to be a hassle for some people, and definitely will hit the bottom line of lots of mom-and-pop operations around the country, but that’s just the cost of doing business in today’s connected world.
— The Brattleboro (Vt.) Reformer