*Editorial Note: This content is not provided or commissioned by the credit card issuer. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
This article was last updated Jul 14, 2014, but some terms and conditions may have changed or are no longer available. For the most accurate and up to date information please consult the terms and conditions found on the issuer website.
When I travel overseas, I notice a whole other world of credit card use. Customers dip their smart chip enabled credit cards into machines, and enter a PIN number, instead of swiping the magnetic strip and signing. Restaurants bring wireless card readers to diner's tables, where cardholders perform their own transaction without letting their cards out of their sight. When I return home, it is like going back in time again where credit card terminals haven't changed much since the 80s, and we still rely on the magnetic strips that are 1960s technology.
Two Different Paths
How did we get here? When smart chips for credit cards were being developed in the late 1990s, credit card payment networks were faced with a choice. They could migrate to the new smart chip standard that would enhance security, but cost more money per card, or they could rely on data from cardholder behavior to try to weed out fraudulent transactions.
Europe and other parts of the world went with the smart chips that were eventually named EMV chips, which stands for Europay, MasterCard, and Visa. This system required that the credit card have an embedded chip that contacts the card reader, and in most cases, the cardholder enters a four digit PIN number. The downside is that the chip enabled cards cost much more than the plain old plastic ones. For example, most cards cost about ten cents each to manufacture, while a chip enabled card currently costs about a dollar. Presumably, the chip enabled cards were even more expensive when the technology was newer.
Instead of chip enabled cards, the American credit card industry opted for a system that relied on data about cardholder's spending habits to try to determine if a charge is likely to be fraudulent. It sometimes results in false positives that require retailers to call banks to verify charges, but fails to catch many fraudulent transactions when cards are stolen. Nevertheless, it was thought that this "big data" approach (before the term became popular), was going to be less expensive than deploying a whole new network of credit cards and retail terminals.
It is less clear why retailers, restaurants especially, have resisted migrating to portable credit card readers. Certainly wait staff can save time carrying the diner's cards back and forth to their computers by simply delivering the credit card terminal to the table, which is about the size of an older calculator. Furthermore, diners appreciate being able to enter their own tip without having to relinquish their card. The only losers are the criminals who would use their restaurant job as a means to steal your credit card data while they process your bill.
Where We Are Now
Until just a few years ago, many inside the credit card industry believed that the cost of going to the new technology was greater than just eating the costs of fraud. Yet even before the recent high profile data breaches at Target and other major retailers, the U.S. credit card industry had already committed to migrating to EMV.
In fact, the industry came up with an ingenious way to compel all of the parties involved to get on-board, called the "liability shift." By October of 2015, the responsibility for fraudulent transactions will fall on the weakest link in the chain. So if a credit card is equipped with an EMV chip, but the retailer hasn't updated its equipment, the retailer will bear the cost of fraud. But if the retailer has the latest technology, but the card issuer has dragged its feet and hasn't upgraded their cards, the card issuer will pay the price. Thankfully, consumers are still held harmless for fraudulent transactions under the Fair Credit Billing Act, which hasn't changed.
What Took So Long?
The credit card industry is incredibly profitable, which might have provided the excuse to just manage and absorb the costs of fraudulent charges, rather than devote resources to fighting it more aggressively. Now that credit card fraud has resulted in some costly damage to the brands of several major retailers, it now seems like that this approach was a mistake.
Retailers, cardholders, and banks are now clamoring for a more secure system, even though EMV chips would not have prevented some of these data thefts. The industry seems to have learned its lesson, and is now ramping up its production of these new cards. It won't be long before the United States is no longer in the technological backwater of the payment industry…as long as some new technology isn’t adapted by everyone else.
*Editorial Note: Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and have not been reviewed, approved or otherwise endorsed by any card issuer.
*The content in this article is accurate at the publishing date, and may be subject to changes per the card issuer.