As someone whose debit cards were canceled by their bank out of an abundance of caution following data breaches at Target and then Home Depot, I'm in favor of upgrading our payment processing system to enhance security and protection.
While my accounts were never compromised and I never lost money, updating payment information with dozens of businesses and utilities is time consuming. Having to do it twice within one year is a hassle I'd prefer not to repeat.
Sign and drive cards
The new chip-and-signature system supported by Visa (NYSE:V) and MasterCard (NYSE:MA), which is being rolled out by major credit card issuers including top issuer JPMorgan Chase (NYSE:JPM) and Bank of America (NYSE:BAC), ought to be an improvement over the status quo.
Cards with magnetic stripes are the primary target for hackers, and the U.S. is one of the few developed countries moving toward chip-based cards. Chase expects to replace 90% of its cards this year, while Bank of America said a "majority" of its cards will be replaced. Others are waiting for your current cards to expire.
To make a transaction, the new chip-enabled cards are inserted into registers rather than swiped, and they aren't released until a customer signs for the transaction. Given that counterfeiting accounts for the largest percentage of credit card fraud, proponents say the new system ought to limit losses and the frequency with which banks have to reissue cards.
But cue the record-scratch sound effect. The world's biggest retailer, Wal-Mart (NYSE:WMT), says the new system won't do a thing to stop fraud.
Full of sound and fury, signifying nothing
At the Electronic Transaction Association's TRANSACT conference in San Francisco last week, CNN quoted Wal-Mart Assistant Treasurer and Senior Vice President Mike Cook as saying "signature is worthless as a form of authentication." By not requiring a personal identification number, the new system upgrades are "a joke," he said. He might have a point.
First, not too many clerks even bother checking a credit card signature anymore, and I can attest that the squiggle I make at the register has yet to raise an eyebrow. Second, the rest of the developed world -- and even a good number of undeveloped countries -- have already moved to more advanced technology to counteract credit card theft and fraud.
Canada and many countries throughout Europe and even Africa have adopted Wal-Mart's preferred security enhancement, chip-and-PIN technology. Requiring a PIN at each transaction, instead of a signature, addresses both the losses resulting from counterfeiting and the use of lost or stolen cards since card data is worthless without the PIN. Data breaches ought to be minimized since hackers can do nothing without a PIN.
A pretty penny
But the advance comes at a cost. Implementing PIN technology for credit cards would require investments running into the billions to upgrade software and hardware across businesses, banks, and merchants. It's probably not insignificant, either, that banks also make less money on PIN-based transactions than they do on signature-based ones.
Yet it's not completely fair to say the banks are only driven by the money involved. They say the expensive chip-based technology itself is already on the decline and cardless solutions are the future.
The rise of tap-to-pay services such as Apple (NASDAQ:AAPL) Pay and Samsung (NASDAQOTH: SSNLF) Pay obviate the need for a physical card in a purchase, so why finance a huge upgrade when it will be obsolete in a few years anyway?
Retailers, though, are proving resistant to adopting a technology that consumers seem to be clamoring for. My colleague Daniel Kline recently wrote that one survey found that 11% of all credit card-owning households and 66% of iPhone 6 owners have adopted Apple Pay, but they're growing dissatisfied with its limited presence in the marketplace, even among retailers who say they offer it.
And customers may not ultimately like chip-and-PIN once they read the fine print. With many issuers, consumers could be liable for transactions made using a PIN even if their number was compromised. American Express (NYSE:AXP), for example, says that while it will review each claim individually, "If you have not taken reasonable care to protect your Card and PIN you will be held liable for any fraudulent transactions."
Choices without much effect
So on the one hand, banks and payment processors are balking at the costs of an upgrade. On the other hand, merchants like Wal-Mart are looking to limit the risks associated with breaches (and the hits to their reputations) but are pushing a technology whose shelf life may already be running out. Both sides, it seems, are giving consumers half measures that might not provide sufficient fraud protection or convenience.
As a result, U.S. cardholders will likely experience additional rounds of hacking and data breaches until a better, more broad-based technology is implemented. And I'll be keeping the companies that send me bills on speed dial in anticipation of the next round of card cancellations.