Credit card fraud is a major problem. This isn’t surprising since until recently, at least here in the United States, credit cards included no security. Hoping to reduce fraud the credit card companies developed the Europay, Mastercard, and Visa (EMV) standard. Cards that comply with the EMV standard include a chip, which offers some security. But here in the United States two setbacks have prevent EMV from delivering better credit card security. First, the United States is adopting chip and signature, not chip and PIN. Secondly, most merchants still aren’t equipped to process EMV credit cards:
This week a management consulting company called The Strawhecker Group (TSG) released the results of a study that found that only 37 percent of US retailers were ready to process chip-embedded credit and debit cards. The slow adoption of chip-embedded cards leaves merchants open to accepting liability for fraud perpetrated with traditional, less-secure magnetic stripe cards.
I attribute this low adoption rate to the credit card companies failing to set a hard cutoff date for magnetic strips. Even if you get an EMV card it will contain an insecure magnetic strip so it can be used at merchants that aren’t setup to process EMV cards. Since all EMV cards are equipped with magnetic strips merchants aren’t motivated to get setup to process EMV cards.
When it comes to security hard cutoff dates are necessary. Without them users of the old insecure standard see no reason to upgrade. With them users grumble about having to upgrade but will begrudgingly do it out of necessity. Credit card companies need to set a date and tell merchants that after that date magnetic swipe transactions will be declined otherwise we’ll never get over this financial fraud fuckery.