Tuesday, December 24, 2013

US a laggard in adopting more secure credit cards

Seems like the U.S. tends to both over-regulate and under-regulate in ways that hurt ordinary people and help the power elite.

I try to avoid using my credit & debit cards, and use mostly cash.

http://www.mcclatchydc.com/2013/12/21/212411/us-a-laggard-in-adopting-more.html

By CHRIS O'BRIEN
Los Angeles TimesDecember 21, 2013

The massive data breach at Target this past week has again highlighted how the United States remains a relatively insecure backwater when it comes to credit card technology.

Over the last decade, most countries have moved toward using credit cards that carry information on embeddable microchips rather than magnetic strips. The additional encryption on so-called smart cards has made the kind of brazen data thefts suffered by Target almost impossible to pull off in most other countries.

Because the U.S. is one of the few places yet to widely deploy such technology, the nation has increasingly become the focus of hackers seeking to steal such information. The stolen data can easily be turned into phony credit cards that are sold on black markets around the world.

"The U.S. is one of the last markets to convert from the magnetic stripe," Randy Vanderhoof, director of the EMV Migration Forum. "There's fewer places in the world where that stolen data could be used. So the U.S. becomes more of a high-value target."

EMV stands for Europay, MasterCard and Visa and is the technology standard that involves placing an integrated circuit of some kind into a credit card. Most European and Asian countries began adopting the technology a decade ago, pushed by regulators in those countries.

-----

The reasons the U.S. lags so badly in adopting smart cards are complicated, experts said. In part, there hasn't been the political will to demand that businesses and financial institutions make the change. Analysts also say the payment processing system in the U.S. is more complicated, with merchants, credit companies and banks reluctant to spend the big bucks it would take to convert a system with 1 billion credit cards to EMV from magnetic stripes.

"It's a function of our system of government and culture," said Ben Woolsey, director of marketing and consumer research for CreditCards.com, which enables consumers to compare credit card offers. "Moving in that direction is going to be costly for the card industry and retailers."

The good news for consumers is that the U.S. is indeed moving to embrace smart credit cards. In the last couple of years major card issuers have laid out road maps for upgrading the card technology, and many have set out to achieve this by October 2015.

At that point, major credit card companies will change their rules about who is liable for fraudulent purchases caused by security breaches. Under the new rules, the entity in the payment chain-merchant, credit card, banks-deemed to have the weakest security will be liable. Credit card companies can't make anyone adopt the technology, but they're giving them a hard nudge.

----- [What about liability of credit card companies who have weak security?]

Will Pelgrin, chief executive and president of the Center for Internet Security, said the new technology would be a big step forward in fighting fraud. But he also cautioned against thinking it would solve every problem. Hackers, he noted, are constantly evolving their strategies, and companies need to remain vigilant and continue to invest in securing and monitoring their networks even when the smart card era takes hold.

No comments:

Post a Comment