Jan. 26--Late next year, the United States will begin to catch up with the rest of the advanced world in credit card security. We'll begin adopting hard-to-crack chip technology on credit cards.
If we'd had chips in our pockets last year, chances are that the massive data breaches at Schnuck Markets and Target would have caused consumers much less trouble. Thieves couldn't have used the stolen data to make counterfeit cards.
We'd have avoided the hassle of contesting fraudulent charges on cards, canceling them and waiting for replacements.
Western Europe, Canada and much of Asia already use "chip and PIN" technology on credit cards. Chips on the cards hold transaction information, and customers enter PINs -- personal identification numbers -- at cash registers.
America is going halfway. We'll get the chip, but we generally won't require a PIN.
Chips make it very hard -- although not quite impossible -- to make counterfeit credit cards using data stolen from banks and retailers.
Europe watched credit card counterfeiting shrink as the chips were phased in.
"No mass counterfeiting events have been successfully carried out," said Carolyn Balfany, senior vice president of product development at MasterCard.
American cards today store account information on a magnetic strip, a technology from the 1960s. Armed with stolen data, a thief can use a $200 machine to gin up phony cards by the hundreds. Works like a charm.
Some U.S. banks, such as Bank of America, are already issuing cards with chips as well as magnetic strips. Most will be adding chips by next year. The main problem is that American retailers' card readers can't read the chips. So, Visa and MasterCard next year will begin twisting arms to get retailers to install new readers.
The arm-twist involves a shift in liability for fraud. Right now, the bank that issued the card usually eats the cost of fraud. As of October 2015, that changes. A merchant without a chip reader will eat the cost if they accept a magnetic strip transaction from a card that is supposed to contain a chip.
The message to the mom-and-pop shop: Get new card readers, or else.
As of October 2016, all ATM owners will get the same treatment. In 2017, gasoline pumps come under the rule.
The chip cards look like ordinary credit cards, but with a little gray rectangle on the surface. They'll still carry magnetic strips -- at least for a while.
Instead of swiping the card, customers will poke it into the machine. Some systems let customers simply tap the card on top.
The switch to new machines will cost billions, and that's what's stopped it up to now. But the nation's big retailers are finally fed up with mass data thefts that cost them money and public trust.
The National Federation of Retailers wrote to Congress last week endorsing the change. But they want both a chip and a PIN required for credit card use.
A chip won't stop a thief from swiping a card out of your gym locker and running down to Walmart before you realize it's gone. That's where a PIN would help. But Visa and MasterCard are making the PIN optional for card issuers and merchants.
"It's like locking the back door and leaving the front door open," said Mallory Duncan, general counsel for the retailers group. "If you're going to spend billions of dollars anyway, why not require PINs?"
Duncan thinks that MasterCard and Visa are afraid they'd lose business. The issue involves the long-running dispute over charges that the credit card companies impose on merchants. When a PIN is used, the merchant has the choice of sending the data through the credit card company, or a rival network, he says.
But MasterCard's Balfany says that's not true; simply using a PIN doesn't automatically provide that option. Instead, MasterCard will give the option to card issuing banks and retailers; they can require a PIN or not.
There is always a technological arms race between financial security experts and thieves. For now, the chip-cards seem to be ahead. But thieves are clever.
Scientists at the University of Cambridge in England suspect that one thief managed to deceive a chip-using ATM system on the Spanish island of Mallorca. The chip system uses a random-number generator as part of its security system. But the scientists found that the system isn't really random.
A very smart thief could trick a legitimate card into predicting future numbers, then use a phony card to fool an ATM.
The game goes on.