Target hack overreaction No. 2: Chip cards will stop fraud! No, they won't. Here's why
I'm hearing a lot of screaming from the hills about chip-enabled credit card right now: Why Europe has had them for 10 years, and how silly that Americans don't have them yet. Well, there's some good reasons why shoppers in the States don't have chip-and-pin yet. Here's the most important one:
They don't really stop credit card fraud.
And consumers should remember this: the great credit card fraud debate renewed by the Target hack has nothing to do with protecting consumers. It has everything to do with titans of industry shifting costs around to each other. We may rue the day credit card fraud systems are "improved," because it might increase consumer liability. That's what happened in Europe. More on that in a moment. But first, why chip cards aren't a panacea:
Problem No. 1 -- Sure, they stop one particular kind of credit card fraud - cloning. Hackers won't be able to steal account numbers and print them up on white plastic for use at retailers any more. But fraud is like a water balloon: squeeze one end, and the other end gets bigger. When Europe went to chip-and-pin, online fraud exploded, and we can expect the same in the States. Why? Unless someone plans to give every American consumer a free smart card reader, we will all still use old-fashioned card account numbers to make purchases online and over the phone. Chips on cards do nothing to stop this kind of fraud.
Problem No. 2. -- No one really wants Americans to remember a host of new PIN codes in order to use their credit cards. So it appears U.S. systems will really be "chip and signature," rather than chip and PIN. Again, it's very hard to clone chip and signature cards, so that's good. But if they are stolen, they aren't any more secure than magnetic stripe cards. A criminal just swipes the card at a terminal and fakes your signature.
Problem No.3 -- Q: How many ATMs in the U.S. are ready to ready to read chips? A: Basically, none. If swapping point of sale terminals for chip terminals is a pricey proposition, imagine the cost of installing new ATMs. So credit cards with chips won't be any safer from ATM fraud than current cards.
Problem No 4 -- After Europe went to chip-and-pin, a curious thing happened to consumers. Many found themselves footing the bill for fraud. What??? When fraud occurs with a chip and PIN card, Euro merchants have the option to bill consumers for the loss, saying they must have been careless with their PIN. (Whenever banks do something to "protect consumers," you should maintain a healthy skepticism). This would be more challenging in the U.S. The Fed's regulation E is very consumer friendly; at the moment, it holds that even if consumers accidentally divulge PIN codes in response to a phishing e-mail from hackers, they still aren't liable. BUT....it's not an impossible leap to think chip and PIN will open the door to a new discussion about the strong protections that consumers currently enjoy in the U.S.
These aren't reasons to avoid chip and PIN, but this might be: It will add a lot of cost to the system, and it isn't at all clear that chip credit cards will save more money than they cost. Every retailer in America will need to buy new point of sale terminals. Consider the challenge at gas stations, which are governed by different rules with machines that must be integrated into other complex systems. (Because of that, stations have until 2017 to comply with new rules). Also, every new credit card will 3 or 4 times more than it does now. If we do all that, and fraud just changes to another form, we've wasted a lot of money. Guess who will pay?
Sign up for Bob Sullivan's newsletter. It's free, and you'll never miss a story