Card giants Visa and MasterCard have been making headlines of late for introducing new software aimed at speeding up the checkout process for consumers using new chip-enabled or EMV (Europay, MasterCard, Visa) credit cards. While any effort by the major card brands to improve the process is welcome, these software fixes are more window dressing than they are serious improvements.
MasterCard’s M/Chip Fast solution and Visa’s Quick Chip program are the latest attempt by the card brands to try to smooth over the poorly planned and executed EMV transition – where Americans transitioned from swiping their old magnetic stripe credit card to dipping their new chip card, while retailers began taking responsibility for fraudulent transactions made if they weren’t using chip technology.
According to payment industry expert Madeline Aufseeser, “With the current authorization process, you can’t take your chip card out until the authorization is complete, which creates a perception that it’s time-consuming. What Visa and MasterCard have done is remove that perception, where customers will be able to put their card quickly back into their wallets, but they’ll still be there until the authorization is complete.”
That means the M/Chip Fast and Quick Chip will not cut down on actual checkout time but merely create the impression that you are spending less time at the register when, in fact, you are just spending less time with your card inserted in the terminal.
Regardless of the validity of these programs or how much they will actually speed things up, there remains much larger security issues with the new cards that card issuers seem inexplicably unwilling to address. The cards being shelled out by Visa and MasterCard in the U.S. have a critical security flaw – they don’t use a personal identification number (PIN) as a second layer of protection.
The cards now being used by millions of Americans are referred to as chip-and-signature cards. While it is true that these cards are more secure than the magnetic stripe cards they replaced, they can still be compromised to steal sensitive consumer financial information as researchers recently demonstrated at the Black Hat security conference in Las Vegas earlier this month. What’s more, card issuers chose not to replace signature verification with PIN verification on the new cards, which has left them unnecessarily vulnerable to fraud.
The signature has been obsolete for decades now and can be described as a formality at the register, at best. In fact, it has become so useless that card issuers have increased the limit to $50 on no-signature-required programs that encourage retailers to not require a signature for low cost purchases.
Furthermore, chip-and-signature cards only address one form of fraud – counterfeit card fraud – which account for only about a third of fraud leaving American’s vulnerable to other common forms of fraud that account for nearly the vast majority of it. In contrast, chip-and-PIN cards have a proven track record of combating most common forms of fraud, having been in use in most developed countries for years now.
Over a decade ago, other countries implemented chip-and-PIN and saw fraud greatly reduced, with the United Kingdom seeing close to a 60% drop after implementing the more secure cards. The overdue rollout of EMV here in the U.S. has directly contributed to us only trailing Brazil and Mexico in global fraud rates with nearly half of American consumers having been exposed to credit card fraud according to a recent survey.
However, despite the overwhelming evidence and obvious need for better card security the big players in the credit card industry have been unwilling to issue the more secure technology – claiming to be opting for “convenience” and even questioning whether consumers can remember a four digit PIN.
I think we can all agree that it is time for our card giants to focus more on security and a little less on “perceived” convenience – at least until the U.S. is not consistently at the top of the global fraud charts.
