Many Americans who travel to Europe run into difficulty using their U.S.-issued credit cards because they lack the computer chips that are standard on that continent.
The chips generate new random codes with each transaction and require a user’s PIN number, making them much more secure than the cards with old-fashioned magnetic strips used in the United States.
The Target scandal that reportedly involved about 40 million consumers during the Christmas shopping season wasn’t the worst such theft in recent memory. In 2008, Heartland Payment Systems — which provides debit and credit card processing — suffered a theft that totaled about 130 million cards.
The amazing thing is that the ’08 theft, which also involved cards with magnetic strips on the back, did not spur banks and merchants to switch to a more secure chip system. Consumers ought to be asking why.
The standard answer is that chip-embedded cards are more expensive to produce. Each merchant would have to purchase new equipment to hand them.
But of course countries in Europe and elsewhere have found ways to deal with these expenses. News reports indicate the chip-embedded cards now are standard in 80 countries. Meanwhile, credit card fraud is declining in most places on earth except the United States. The credit card industry reports the U.S. accounted for only 24 percent of global credit card payments by volume in 2012, but it accounted for 47 percent of the fraud.
When transactions are processed using a magnetic strip, information is sent online to banks and card issuers without any serious encryption. Experts say a card’s information is vulnerable to hackers at several points along that journey. And because criminals don’t have to worry about a chip that produces unique random codes, they can easily take valid card numbers and produce counterfeits that will be accepted by merchants.
To be sure, computer chips are just one tool in the fight against fraud. As more and more transactions are made online, the need for securing card information on the Internet poses other problems. Also, smartphone technology now allows consumers to make purchases with their phones, adding opportunities for a different sort of fraud.
Some experts warn it will be impossible to stay ahead of criminals who constantly look for ways to compromise whatever system is used. But while this is true, it also is true that fraud rates in Europe declined noticeably after the introduction of chips in cards.
Credit card industry officials say chips will be standard-issue in the United States by the end of 2015. Frankly, it’s a little late. Target’s current crisis ought to expedite the change to chips now. But then, Heartland Payment System’s crisis five years ago should have done the same.
Or perhaps the industry ought to have been spurred to action by thefts at T.J. Maxx, which in 2007 reported that 45.7 million customer cards had been stolen, with some thefts dating back to 2002. The New York Times reported recently that this breach actually was more in the range of 90 million customers.
Fraud may still be a small part of a very lucrative credit card industry, but it accounts for billions in lost money and untold suffering by people whose identities are compromised. It’s way past time for U.S. banks and merchants to catch up and take the lead in protecting consumers.