Preventing Credit Card Data Theft Is Harder Than It Should Be

By Wayne Rash  |  Posted 2014-01-16 Print this article Print

"In other places, it wasn't left up to the market to decide," explains Randy Vanderhoof, director of the EMV Migration Forum. Vanderhoof told eWEEK that in the U.S. the decision on secure credit cards is left up to the market to decide. "It's difficult to get the market to agree on anything," he said.

Vanderhoof said that while card issuers want to find ways to reduce fraud and cut their current losses, "the issuers don't have ultimate decision making to force the merchants to swap out their acceptance infrastructure." He noted that frequently retailers want to negotiate a better set of terms for adopting the new technology.

Researchers at the Aite Group have studied the pace of adoption in the U.S., and what they've found isn't encouraging. According to Aite Group Research Director Julie Conroy, the process of EMV card adoption is progressing slowly, and what progress there is was slowed even more when a group of retailers sued the Federal Reserve challenging their debit card processing rules.

Federal Judge Richard Leon found that the Fed had overstepped its bounds and rejected the so-called Durbin Amendment that controlled debit card processing. This in turn meant changes in how debit cards are processed, and that in turn slowed down EMV chip introduction on those cards. That in turn slowed down all EMV chip conversions.

"They want to do credit and debit at the same time," Conroy explained. Conroy found that a process that was already rocky was getting even more so. Conroy's study was actually only one that had found that U.S. businesses are being negatively impacted by the delays in a change to more secure credit cards. An earlier study found that credit card use outside of the U.S. was already becoming difficult. Fortunately, the Aite Group has some recommendations for how businesses can move forward.

At least there is some movement. A few major banks, such as Chase, are working to provide businesses with terminals that can read any secure credit card as well as the old mag stripe cards. But this process will take awhile.

Levi Gundert, Cisco's expert on secure POS terminals, told eWEEK that merchants need to secure their payment systems in the meantime. "I don't see EMV becoming a reality for at least another three to four years in the U.S.," he said. "EMV is the long-term solution (though it's not perfect either), but in the short term investing in hardware encryption at the point of sale would be a very effective countermeasure if magnetic stripe payment cards continue to be the U.S. standard."

In the meantime, that chicken and egg problem remains. While it's easy to point fingers, the reality is that only the card issuers can realistically take the next step by broadly issuing cards with EMV chips. The banks have the ability. They're already issuing these cards to some customers now. As a business, your best bet is to find a bank that wants your business enough to help you stay secure by offering you this proven technology.



Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel