Target breach 'watershed event' for security

Data breaches like the one at Target that exposed information for 70 million customers would be pointless for criminals if U.S. banks switched to the secure chipped Smart Card technology common in about 80 other countries.

Wary U.S. consumers are pushing for the change.

"The Target breach is a watershed event," says Mary Ann Miller, managing director of fraud consulting and industry relations at Nice Actimize. "Consumer confidence has eroded."

Even as public pressure mounts for a more thief-proof system, it looks like the U.S. will remain behind the curve in credit card security until at least October 2015.

That's the target date that Visa, MasterCard, American Express and Discover have set for when they want the entire industry to stop using insecure magnetic strip cards and adopt the secure chip cards and chip readers.

EMV stands for Europay, MasterCard and Visa and is the technology standard for the chips. Additional encryption on the chip makes it almost impossible for criminals to duplicate the card.

Switching systems for the largest and most complex market in the world will be a costly and tedious process, Miller says. ATMs, bank authorization systems, retailers' card readers and the cards themselves will need to be changed.

"It's going to be one of the largest conversions of our payment system in many, many years," Miller says.

In 2014, more than 40 million EMV cards will be distributed, and in 2015 there will be a significant ramp up, Miller says.

But anxious consumers are wondering why the U.S. hasn't already adopted the more secure credit card system.

"The size and scope of the Target data breach has set off alarms across the industry," says Randy Vanderhoof, executive director of the Smart Card Alliance, an association that represents companies using the chip technology. "Until recently this kind of fraud has been considered manageable. It would be easier to absorb the loss from the counterfeit fraud than to replace the 1.2 billion credit cards and debit cards that are in the market today and 10 million card readers that are in retail stores."

Right now only 1% of U.S. cards are EMV chipped.

"It would cost tens of billions of dollars if all of the cards and terminals were replaced at once," Vanderhoof says. But the real cost will be considerably less than that because banks will phase in chip cards when older cards expire and merchants will naturally replace and upgrade their card readers to those with chip reading technology for the same cost as any other reader.

The cost of the card with the chip is still more expensive, but it's moving closer to the cost of the magnetic strip, says Doug Johnson, who oversees risk management policy for the American Bankers Association.

Banks have already started giving out chipped cards, and retailers are starting to figure out their strategy to switch over technology. If retailers opt not to switch their devices then they will be liable for any fraud, Johnson says.

"This is just one more tool that banks and retailers are deploying," Johnson says. "It's not the last tool. We will continue to look at other ways to keep the environment safe."

MasterCard is firm on the October 2015 target date. Chris McWilton, MasterCard's president of North American markets, wrote in a Jan. 8 letter to MasterCard customers: "MasterCard continues to believe that now is the time to migrate to EMV in the U.S. ... While the landscape may look differently in months or years, we cannot stop progress because there is too much at stake for all of our customers."

"It's not a silver bullet," Miller says. "It won't completely eliminate fraud. Fraudsters will move to other methods because that's just the nature of fraud."


To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment