Chip, or EMV, credit cards usage is set to become the retail standard as of today, but while credit card companies and retailers agree security should increase there is a divergence of opinion on whether the roll-out has been handled properly.
On October 1 all retailers in the United States were supposed to be prepared to accept EMV, or EuroPay, MasterCard, Visa, cards as a form of payment. However, according to the National Retail Federation, citing data from creditcard.com, only 40 percent of Americans have so far received a chip card. On the retail side, MasterCard told SCMagazine in an email on Wednesday that 26 percent of national and regional merchants are accepting the new cards along with 320,000 local retailers.
The National Retail Federation said in a statement sent to SCMagazine.com that since chip card users do not also have to input a PIN the new cards are not that secure. The NRF and the retail industry have called for chip-and-PIN cards, but the card industry is issuing cards in the U.S. that only require a fraud-prone signature as proof of identify, the NRF wrote.
“The transition to chip and signature cards is still only a half measure—cards without PINs are not the safest possible measure,” said Mallory Duncan, senior vice president and general counsel for the National Retail Federation (NRF) in a written statement. She added that the banks are refusing to include PINs.
Carolyn Balfany, MasterCard's safety and security expert, agreed, telling SCMagazine.com in an email Thursday that “MasterCard supports both chip-and-signature and chip-and-PIN – ultimately, it's up to the issuer to decide." Balfany stressed that "chip transactions protect consumers from counterfeit which is, hands down, the prevalent form of fraud in the U.S. PIN also protects against lost and stolen card fraud.”
The switch over to chip cards, which have been a standard in Europe for many years, is expected to boost point of sale security, hopefully, making it tougher for criminals to perpetrate hacks similar to those that struck Target and Home Depot.
“There are no silver bullets to prevent fraud. 80+ countries that have already implemented EMV have seen counterfeit fraud reduced by significant amounts – hundreds of millions of dollars,” Balfany said.
Under the new guidelines liability for fraudulent credit card activity will be shifted from the credit card companies, Visa and MasterCard, to the retailer or whichever party is the least EMV-compliant in a fraudulent transaction, said Kathy Boerner, MasterCard spokeswoman to SCMagazine.com in a Wednesday email.
Getting consumers, retailers, banks and credit cards all on the same page is proving to be a time consuming venture with some finger pointing taking place over why chip cards have not been fully implemented by the Oct. 1 deadline.
“Banks have failed to meet their own deadline for converting to chip cards, but America's retailers are open for business either way,” Duncan said, adding, “Furthermore, credit card companies have been unable to grant the necessary software and payment terminals certifications to stores nearly fast enough to meet their own deadlines. Consequently many retailers have chip-reading terminals set up in their stores, but they can't turn them on until they've been certified by the credit card companies.”
Balfany countered, saying that Mastercard does not handle software and payment terminal certification and that card distribution is growing.
“It is estimated that 63 percent of their credit and debit cards will contain EMV chips by the end of this year, expanding to 98 percent by the end of 2017,” she said, adding, “The evolution to chip technology will not happen overnight, but as issuers, merchants and consumers learn about and adopt this new payment technology, they will begin to see the benefits of a safer, more convenient shopping experience.”