With recent high profile hacking efforts hitting major chain stores like Target (News - Alert) and Neiman Marcus adding to a cacophony of reports about credit card theft and other breeds of identity theft, it may come as something of a relief to some that the way the United States does business with credit cards is set to change, and fairly soon. The reports suggest that, by the end of 2015—specifically around October 2015—the old model of “swipe-and-sign” in credit cards is about to go defunct, and be replaced with a version that's much more powerful in terms of security.
The word comes from talks that retailers had with senators ahead of a Senate Judiciary Committee hearing, describing how the country can move from the older-style swipe-and-sign model with magnetic strips holding data to a new model with cards boasting microprocessors backed up by a personal identification number (PIN) system otherwise known as Europay, MasterCard (News - Alert) and Visa (EMV).
EMV caught on mainly in Europe and overseas markets, but took a while to migrate to the United States as there were higher fraud rates in other markets—according to reports—and the offline capability of EMV boded well for other markets in which there were less robust communications networks. But with much of the world putting EMV to work, and the identity thieves in said locations finding it much more difficult to ply the trade there, much of identity theft moved back to the United States. As a result, at last report, the United States produces around a quarter of all credit card transactions, yet accounts for around half of all credit card fraud.
The shift, based on reports, will be somewhat gradual and spotty, with MasterCard being up front in making the switch. Word from Carolyn Balfany with MasterCard made it quite clear: MasterCard's been working on this migration since at least 2012, and said roadmap leads to a “liability shift” in October 2015. This represents the biggest part of the whole affair, as this liability shift alters the nature of liability when it comes to credit card fraud. Under the new system, the party with the lesser technology holds liability for credit card fraud, so that merchants can still run transactions with swipe-and-sign, but the merchant becomes liable for fraud, not the credit card company. Conversely, if the merchant can offer the newer system, but the bank isn't getting out the cards to use it, the bank becomes liable. However, much of the infrastructure is either in place or will be well ahead of that liability shift, so any impact should be minimal.
This actually has a fundamental example to go along with it; Target recently announced that it was stepping up its own development of a chip-and-PIN card to replace its old REDcard line, which would keep it nicely in line with what's being released here. No one likes having a credit card compromised, so this measure should prove welcome for shoppers and potentially get said shoppers back in stores and buying again, though admittedly, this might be a blow to the smaller business who likely wouldn't want to replace a lot of machinery just to keep up with the new technology and avoid the potential of business-killing liability claims. Still, identity theft protection of all stripes is everyone's responsibility, in the end, and everyone in the chain has a role to play. We're getting a good look here at where the banks, businesses and credit card companies come into play.
Edited by Cassandra Tucker
Back to Mobile Commerce Insider Home