NEW YORK — Visa and MasterCard are renewing a push to speed the adoption of microchips into U.S. credit and debit cards in the wake of recent high-profile data breaches, including last week’s revelation that hackers stole consumer data from eBay’s computer systems.
Card processing companies argue that a move away from the black magnetic strips on the backs of credit cards would eliminate a substantial amount of U.S. credit card fraud. They said it’s time to offer U.S. consumers the greater protections microchips provide by joining Canada, Mexico and most of Western Europe in using cards with the more advanced technology.
Chips aren’t perfect, said Carolyn Balfany, MasterCard’s group head for U.S. product delivery, but the extra barrier they present is one of the reasons criminals often choose to target U.S.-issued cards, whose magnetic strips are easy to replicate.
“Typically, fraudsters are going to go to the path of least resistance,” Balfany said.
The chip technology hasn’t been adopted in the U.S. because of costs and disputes over how the network would operate. Retailers have long balked at paying for new cash registers and back office systems to handle the new cards. There have been clashes between retailers, card issuers and processors over which processing networks will get access to the new system and whether to stick with a signature-based system or move to one that requires a personal identification number instead. These technical decisions impact how much retailers and customers have to pay — and how much credit card issuers make — each time a card is used.
The disputes have now largely been resolved. And the epic breach of Target’s computer systems in December, which involved the theft of 40 million debit and credit card numbers, along with smaller breaches at companies such as Neiman Marcus and Michaels, helped garner support for chip-based cards among retailers who were previously put off by the costs.
Chip cards are safer, argue supporters, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer’s register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards, say experts, are also nearly impossible to copy.
For its part, Target is accelerating its $100 million plan to roll out chip-based credit card technology in its nearly 1,800 stores. New payment terminals will appear in stores by September.
Even so, the protections chips provide only go so far, according to opponents who note that chips don’t prevent fraud in online transactions. Some opponents also point to other technologies, such as point-to-point encryption, as better long-term solutions.
Ken Stasiak, founder and CEO of SecureState, a Cleveland-based information security firm that investigates data breaches, said that while chips would be a big security improvement, they wouldn’t have stopped the hackers from breaching Target’s computer systems where they also stole the personal information, including names and addresses, of as many as 70 million people, putting them at risk of identity theft.
“Chip and pin is just another security component,” Stasiak said. “What matters is how companies like Target use consumer information, how they protect it.”