The credit card data breach at Target last month – and now revelations that hackers intercepted some Neiman Marcus data – has top executives in the retail industry looking for answers. One answer may be a different kind of credit card technology.
In an interview with CNBC, Target Chairman and CEO Gregg Steinhafel threw his support behind a switch to a chip and PIN-number system that would replace the current credit and debit cards that contain information on a magnetic strip. This system is not exactly a new, revolutionary breakthrough. Much of the rest of the world have been using it for years.
The system is known as EMV, which stands for Europay MasterCard and Visa. It is the world-wide standard for so-called “chip” cards used to make purchases at stores and transactions at ATMs. Instead of loading the customer's billing information on the strip, the data is encrypted on a tiny chip.
Security experts say it's better and more secure that card technology now in use in the U.S. Here's why: the use of a PIN and encrypted data provides authentication to the processing terminal and the bank or lender that issued the card. The chip creates a new code for each transaction. While the system is not foolproof – it is possible to intercept the data – it's of little use to the hacker. They are unable to create a duplicate chip card to use the stolen data.
However, they can create one of the old fashioned magnetic strip cards now used in the U.S. If the U.S. were to adopt the chip system, some security experts believe the European system would be even more secure.
It'll take money
So why hasn't the U.S. switched to the chip card technology? The short answer is “money.” It would require a huge infrastructure investment, replacing technology throughout the system. It would, of course, also mean replacing every credit, debit and charge card currently in use in the U.S.
But the planets may be aligning for such a move. While the credit card industry would be writing some very large checks, it might come out ahead in the long run.
Under the current system, the card issuer assumes liability for fraudulent transactions if the consumer reports it in a timely manner. In Europe, the chip card technology has resulted in something of a "liability shift," with the cardholder being liable unless they can prove they were not present during the transaction or did not somehow authorize it. There's no guarantee such a switch would be attempted in the U.S. but consumers should remain aware of the possibility.
Retailers like Target may also have a strong incentive to embrace new credit card technology, even at considerable added cost. Target became a defendant in class action lawsuits almost as soon as the data breach was announced last month. Also, it has lost a big chunk of its "engagement" with customers, something that can be measured directly in lost sales.
Also interviewed by CNBC, Macy's CEO Terry Lundgren stopped short of endorsing the EMV system, but signaled his openness to changes.
"The retailers, the banking industry, and the credit card industry should be working very closely together to figure out what is the right technology to protect the consumers,” he said.
The credit card companies, meanwhile, already have the technology to make the switch since they have to produce cards for use by European consumers. MasterCard has already signaled that it is on board.
“There is also great demand from issuers, acquirers, merchants and consumers for stronger safeguards to secure card transactions,” the company says on it's website. “An upgrade to the EMV standard enables safer, smarter and more secure transactions across cards, contactless, mobile, and remote payment channels. It also enables us to offer consumers the next generation of digital payment innovations.”