October 2015: The end of the swipe-and-sign card
Credit card fraud is the main reason credit card issuers are moving to a new, PIN-based system. Well, new to the U.S., anyway.
This post comes from Tom Gara at partner site The Wall Street Journal.
It’s a payment ritual as familiar as handing over a $20 bill, and it’s soon to go extinct: Prepare to say farewell to the swipe-and-sign of a credit card transaction.
Beginning later next year, you will stop signing those credit card receipts. Instead, you will insert your card into a slot and enter a PIN number, just like people do in much of the rest of the world.
The U.S. is the last major market to still use the old-fashioned signature system, and it’s a big reason why almost half the world’s credit card fraud happens in America, despite the country being home to about a quarter of all credit card transactions.
The recent large-scale theft of credit card data from retailers including Target and Neiman Marcus brought the issue more mainstream attention, leading to a Senate Judiciary Committee hearing this week. Executives told the senators that once the country transitions to the new system — which includes credit cards embedded with a microchip containing security data — these kind of hacking attacks will be much more difficult to pull off.
The shift is coming though: both MasterCard and Visa have roadmaps for the changeover, and both have set October, 2015 as an important deadline in the switch. But why has it taken this long, and how will the changeover work for card users and businesses?
We spoke with MasterCard’s Carolyn Balfany, the company’s expert on all things related to the new payment system, known as EMV, that will lead to the end of the swipe-and-sign and the beginning of the chip-and-PIN. Here’s what she had to say.
Much of the rest of the world switched to chip and PIN cards years ago. Why has it taken the U.S. so much longer?
There’s a historical view to this. In the past, other markets migrated for two reasons. First, there were higher fraud rates in some other markets, and they wanted to make this move to combat fraud. Second, this system can operate in offline mode – the card and the terminal can authorize a transaction independent of communication with the bank’s systems. In some other markets they struggled with robust telephony networks, so this offline capacity was attractive.
Both those factors were not driving factors here in America. Fraud was more prominent in some other markets, but what has happened since then is that as other markets migrated to EMV and became more secure, fraudsters migrated their activity to markets with less security. We saw fraudsters move over to the US market – they are looking for the path of least resistance.
There were also some more specific challenges to US migration to the new system. Because the US is one of the largest and most complex markets, the business cases for the costs had to be established. And there were requirements of the Durbin amendment, mandating all us debit transactions are able to go across at least two networks, which took some time for the industry to sort out.
It seems now like there is agreement on the switch. So when will the changeover happen?
For Mastercard, now is the time, and we’ve been very consistent on that message for years. We introduced our roadmap for migration in 2012, and that roadmap says that for face-to-face transactions, where a consumer uses their card at a merchant’s location, the liability shift will happen in October, 2015.
The “liability shift” is a big moment in the changeover. Can you explain what it means?
Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.
So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.
The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.
How will the change over to the new system actually happen?
One important thing to know is that it’s not as if everybody just got to the starting line just now, there has been a lot of work on this that has already happened. For merchants, the terminals in many cases are readily available or already there, they already have the equipment ready to handle the new cards. Banks who issue cards in many cases already can issue cards with the chip, and they have been issuing them to customers who travel overseas.
U.S. consumers are already pretty aware of the chip and PIN system, because most of the rest of the world has already migrated. And we would expect in the wake of these latest breaches and the media coverage that awareness is now even higher. And as banks issue consumers their new cards, they will get information explaining the system and all the benefits, and obviously how to use it.
Aside from the security of the system, are there any other benefits for consumers?
One thing to remember is this migration really isn’t about a single device or technology, it’s about establishing a technological platform for the next generation of payments. So the EMV standard that we are moving toward isn’t limited to chip and PIN cards, it also includes things like contactless payments, where you can tap the card against the reader, all with the same level of security.
Card issuers will probably always issue a card, but in this system an account can be resident in multiple places -- so you can have the card, but also maybe a tag affixed to your phone for mobile payments, or a fob on your key ring.
There are lots of different use cases and it depends on the venue, and the devices and what interaction method makes the most sense. In a transit location, contactless interfaces make a lot of sense. We’ll continue to see interactions broaden and evolve as this migration happens.
More from The Wall Street Journal
- Smartphones make you tired and unproductive, study says
- The concert industry's new concept: Try before you buy
- Mortgage rates hit 3-month low
Both those factors were not driving factors here in America."
This is NOT true. This sounds like propaganda whose source is the companies who don't want to get sued for delaying the safer technology.
Many countries who adopted the chip and strip system had lower fraud rates than than the USA. Independent terminals are not only in use in the USA: Americans can't use their credit cards right now in standalone terminals in many other countries, including currency terminals at Paris' Orly Airport.
Europe had this technology for at least 20 years.
Scene in Paris café: You get your dinner bill. Waiter brings to your table a device with a keypad and printout. You slide your chipped card into the device, enter your pin, agree to the amount, then get your receipt.
Scene in New York café: Waiter brings your bill. You give him your credit card, which is taken in the back. Waiter skims your card, then comes back with your receipt, which you sign. Within an hour thousands of dollars of merchandise are purchased with your credit card.
Why do you need to enter a PIN for an ATM withdrawal but not for a purchase of a similar value?
Lose your CC in Europe? No problem, go about your business then call the bank to report it stolen. The person who finds your card can't use it because he doesn't know your PIN.
Lose your CC in the US? Panic, then try to find the customer service # asap to have the card canceled.
Now only if the US can get high-speed rail...
MA L F E A S A N C E BREAK R A S - STATE PLANNER NO WAY OOOPS YOURE OUT
PRIVATE INVESTOR TO BE SABATOGED AGAIN- SAME CRIME BOSSES- STEALING A STOCK OVER A GRAND PER SHARE- WHO WAITED FOR YOU TO TAQKE ALL - EMBEZZLEMENT- STOCKS AND SECURITIES FRAUD WHO IS THE STATE ATTORNEEY GENERAL A FISH CALLED WANDA NYSE - SEC MALFEASNACE THIS TIME YOU LITTLE GEEKS AND MANIACS- PHOBIAS - TRY BARS
Copyright © 2014 Microsoft. All rights reserved.
ABOUT SMART SPENDING
LATEST BLOG POSTS
VIDEO ON MSN MONEY
BLOGS WE LIKE
MUST-SEE ON MSN
A charcuterie master shares his process for cold-smoking meat at home.
- Jetpacks about to go mainstream
- Weird things covered by home insurance
- Bing: 70 percent of adults report 'digital eye strain'