Credit card fraud is growing, which affects banks, merchants and consumers. In 2014, about 31.8 million consumers’ credit card numbers were exposed to a data breach, according to Javelin Strategy & Research, 2015 Data Breach Fraud Impact Report.
To increase credit card security, banks last year began issuing EMV or chip-enabled credit cards to increase security and help prevent fraud during credit card transactions. To avoid fraud liability, the deadline for merchants to be online with chip-enabled card readers was Oct. 1, 2015, according to The Federal Reserve Bank, although some retailers have yet to convert to the new technology.
Instead of swiping credit cards, consumers now place cards into a chip-enabled card reader, which then generates a unique security code for each transaction, according to Jason Oxman, CEO with Electronic Transactions Association, a leading trade association for the payments industry.
“Chip card technology addresses the single largest source of fraud today which is counterfeit cards,” Oxman said. “The chip makes it impossible to create a counterfeit credit card.”
Oxman said counterfeit cards account for nearly two-thirds of credit card fraud in stores in the U.S. Traditional credit cards with magnetic strips are easier to counterfeit, he said, because they can be easily copied.
“The chip generates a new security code each time you use the card, so you cannot create counterfeit credit cards because you don’t know what unique code it will generate,” Oxman said.
Due to a few glitches, some merchants failed to meet the October deadline, according to Craig Shearman, vice president of public affairs in government relations with the National Retail Federation.
“Most retailers have upgraded to the new card readers that read chip-enabled cards,” said Shearman. But he added that’s no guarantee all merchants can use their new readers despite spending millions to upgrade their systems.
“Retailers have thousands of chip readers out there that are still being used to swipe cards the old-fashioned way because the card industry hasn’t approved the installations,” Shearman said. He blames the delay to certify readers on a lack of resources and personnel from the card industry.
Until card readers are certified, Shearman said it shifts the responsibility for covering the costs of fraud to the merchants.
“Since Oct. 1, the banks have changed the rules as to who is responsible for fraud cost,” said Shearman, including merchants with new card readers awaiting certification. “If the card is a chip card and the retailer does not have a chip reader, then the retailer eats the [fraud] cost.”
But Oxman said some merchants waited too long and are now experiencing delays. He said 1.2 million merchants were successful in coming online with new readers by the October deadline, including both large and small merchants.
Since chip cards do not require PIN codes, some have raised concerns as to whether the new chip cards are safe enough. “If PINs were required on the cards the way they are in the rest of the world, it wouldn’t matter if you had a chip or not,” Shearman said.
Chip cards offer little protection when it comes to lost and stolen cards, according to Shearman, because if a thief gets a hold of a card only a signature is required to make a purchase.
However, PINs have their own limitations, Oxman said. He is more inclined to consider biometric data that is more difficult to replicate such a scan of the human iris to detect whether the card belongs to that person, or fingerprint data that coincides with the credit card holder.
”PINs were invented in 1967,” Oxman said. “It’s a four-digit code that only gives 9,999 options, so it’s not exactly that secure.”
SmartMetric, Inc. is a U.S.-based company specializing in miniature electronic systems and software for biometric identification and validation, and provides enterprise-class products to the payments industry, in both corporate and government sector.
“We’re the first company in the world to issue a biometric card that conforms to credit card standards,” said President and CEO Chaya Hendrick, who meets regularly with banks worldwide. “Banks are able to issue our biometric cards without having to change any existing retail chip card readers or ATMs.”
Whether banks embrace biometric enabled credit cards in the near future is still to be determined. While some critics said the technology remains in its infancy, Hendrick countered that there’s been over a decade in developing this technology and people just aren’t used to seeing it.
Freelance writer Elise Oberliesen contributed to the writing and research of this article.