Protecting Your Credit Card With Chip and Pin
NEW YORK ( MainStreet) There are lots of reasons why America's credit networks remain insecure, but the two biggest are costs and liability.
It's obvious that the magnetic stripes on the back of current credit cards don't carry enough data to protect identities or transactions. Hacking is now done on an industrial, global scale. But solving the problem will take money, and banks want to pay for it by shifting the liability for fraud to merchants.
Authorities now think the recent Target breach began with eastern European hackers who got malware into cash registers and may have accessed central databases. It has resulted in the arrest of two Mexican nationals using the stolen numbers . The numbers were supposedly obtained online.
The Target breach makes clear that the mag-stripes on the back of today's credit cards, and the processing networks they connect with, can't keep up with what criminals can do to break them. Terminals and cards have to be replaced, and networks updated.
The solution is called " chip and pin " technology. It has been used on European credit cards for a decade. It isn't perfect but it's much better than mag-stripes.
Such cards use a computer chip called an EMV chip instead of a mag-stripe (EMV stands for Europay, MasterCard, and Visa, who cooperated in creating the technology). The chips contain a random number generator which creates a " digital signature " for each transaction using a four-digit PIN input by the customer. No data will get stored or transmitted "in the clear," and the encryption for each transaction is unique. Thieves can't use a stolen credit card without knowing the PIN number.
It will cost money to implement chip and pin. All consumers will need new credit cards. Merchants have to get new terminals . Clerks have to be retrained to use the technology.
Small merchants will likely wait for their acquiring banks to change out terminals. Larger merchants may pay for their own replacements, with an eye toward future updates in technology.
Companies like Square that currently sell mag-stripe based transaction processing systems will have to match competitors like Payleven that have already introduced mobile chip and pin systems in Europe.
Still, the old technology has one key advantage. Customers can get back what is stolen from them. Merchants are not liable for fraud.
To push chip and pin, banks plan to change that, altering liability rules for merchants by October 2015. Visa U.S.A. documents call this date the "liability shift." Instead of issuing banks taking responsibility for fraud, acquiring banks will be on the hook for it.
Your issuing bank is named on the front of your card. An acquiring bank is hired by the merchant to process their transactions and get their money from you. Credit card networks handle the dance between issuing and acquiring banks, with processors handling the details and passing out the money.