Maybe some good will come out of the data breach at Target.
It could speed up the adoption of more secure credit card technology in this country – something that has dragged on for years.
Chip-based “smart cards” – already used in Europe – are difficult to counterfeit because the account information is encrypted and stored in an embedded microchip. Most point-of-sale transactions with these smart cards cannot be authorized without a PIN code. That’s why it’s called “PIN and Chip” technology.
Matthew Shay, president and CEO of the National Retail Federation (NRF), has sent a letter to the leaders of Congress, calling on the banking industry to switch from the easy-to-hack magnetic stripe to the more secure PIN and Chip.
“As long as bank cards continue to be issued with outdated and fraud-prone magnetic stripe (and signature) security, it is clear American card holders will remain largely unprotected,” he wrote.
Shay said retailers are “eager to work with banks and credit card companies” to reduce fraud. According to the NRF, credit card fraud cost retailers and bankers more than $11 billion in 2012.
Frank Keating, president and CEO of the American Bankers Association, believes the solution should be shared.
"Much has recently been made about the ongoing disagreements between the retail community and the banking industry over who is responsible for protecting the payments system," Keating wrote in a letter to Congress last week. "In our view,it is a shared responsibility of all parties involved. Our existing payments system serves hundreds of millions of consumers, retailers, banks, and the economy well, and we must work together to combat the ever-present threat of criminal activity at our collective doorstops."
There are fears that these new technologies will come at a hefty price tag and ultimately, the cost will be absorbed by consumers.
"These changes require significant financial investment by all parties—and have been the subject of some criticism by many, including parts of the retail industry—but are moving forward," Keating wrote.
Smart cards have been around since the 1990s, but U.S. banks have stayed with the magnetic stripe – a security technology developed in the '60s.
In the last few years, they have issued millions of chip-enabled cards, but they're still a very small part of the total market.
Visa, MasterCard, American Express and Discover want the U.S. converted to PIN and chip security by October 2015. After that date, they say, fraud losses will shift to the retailer if they don’t have point-of-sale payment terminals that read smart cards.
Industry observers blame both sides for the long delay in deploying this technology. Neither industry has wanted to move forward with the changeover because of the enormous costs involved.
“It’s time for both sides to stop debating and start working to solve the problem,” said Adam Levin, chairman and co-founder of IDentityTheft911. “We can no longer afford not to do this.”
Alphonse Pascual, a senior security and fraud analyst with Javelin Strategy & Research, believes the Target breach could be what it takes to finally get both sides to move on the issue.
“As a result of the Target breach, no one wants to be on the wrong side of the issue,” Pascual told NBCNews. “And this technology, which is a very well-understood symbol of credit card security around the world, is something both the financial and retail industries can rally around.”
While smart cards have been proven to reduce credit card fraud at the point of purchase, they don’t stop all fraud. The account number can still be used to make online or telephone purchases where the card does not need to be presented.
“We’ve got to start somewhere and this is an obvious solution,” Pascual said. “We know it works. And just because it won’t eliminate all fraud doesn’t mean it’s not worth doing.”