- - Monday, January 19, 2015

ANALYSIS/OPINION:

Credit card fraud is everybody’s headache. If the hackers haven’t got to you yet, they will. There’s a new weapon against the hackers, called “chip-and-PIN technology,” but replacing a billion credit cards is expensive and some of the big banks are reluctant to put out the millions (and millions) of dollars to pay for it. The federal government is using chip-and-PIN cards but not many private users in the United States have access to it.

President Obama in October issued an executive order for “a new policy to secure payments to and from the federal government by applying chip and PIN technology to newly issued and existing government credit cards.” The federal government now uses cards with an embedded security chip, rather than cards with the more vulnerable magnetic strip across the back of the card, and the user punches in a personal identification number to use it.

The president has so far not asked Congress, the banks and the financial companies that oversee the credit card industry to move to chip-and-PIN technology for all credit and debit cards. But PIN technology is inevitable. Most Americans use credit cards with the magnetic strip, and that technology is 40 years old — a millennium, as technology goes.

But ever so slowly banks are introducing the chip to replace the strip, which will be an important deterrent to hackers. Merchants who don’t have new terminals to accept chip-enabled cards by October will be held responsible for many of the costs of credit card fraud.

The chips are only half of the new technology. The PIN, for personal identification number, is the other half. The old technology requires only a signature on the sales slip. Many merchants say it would be inconvenient for customers to remember a PIN, the best protection against charges made against a lost or stolen card.

Rep. Michael Burgess of Texas, the new Republican chairman of the House Subcommittee on Commerce and Trade, and Sen. Richard Blumenthal of Connecticut, a Democrat, say they will introduce some data security legislation this year, focusing on requiring card companies to quickly notify consumers when there’s a security breach. The legislation should include language to push the financial industry to adopt both chip and PIN technology. Most other developed countries have.

Participating banks are reluctant to require the four-digit PINs because customers, already complaining about the passwords and other PINs to remember, are likely to forget the digits. The chip-and-signature cards coming this year will add another layer of inconvenience to shopping. The chip-based cards must be inserted into a slot at base of a cash-register terminal and remain there, unlike the present-day cards that are merely swiped, and remain in the base until the customer signs the sales slip.

J.P. Morgan Chase, which issues more cards than anyone else, considered moving to the chip-and-PIN technology this year, but The Wall Street Journal reports that it decided not to do it after testing them with customers. Several companies have been hit by data breaches, such as Staples, Dairy Queen and Home Depot, and industry analysts say these breaches could have been prevented if chip cards had been in place. Target, which suffered a data breach two years ago, is issuing its own cards with PIN technology.

Credit cards have revolutionized commerce, but with revolution comes counter-revolution, and hackers never sleep.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide