The enormity of the Target security breach may well be the catalyst that convinces banks that credit and debit card fraud is fast becoming too large an expense to be written off as merely a cost of doing business.
And that realization -- above anything else -- could just prompt big credit card-issuing banks such as JPMorgan Chase (NYSE:JPM), Bank of America (NYSE:BAC), and Citigroup's (NYSE:C) Citibank to adopt a more secure type of credit and debit card sooner than previously expected.
U.S. leads the globe in card fraud losses
As the three largest credit card issuing banks, the aforementioned institutions have a lot to lose if the scope of the Target security breach becomes the new normal. Currently, the U.S. is responsible for half of the world's $11.3 billion in card fraud losses, an amount set to escalate if point-of-sale malware infiltration, like the type suffered by Target, continues to rise.
We're in this sad state of affairs because banks remain fiercely attached to the "magstripe" card system, in which gobs of consumer information reside -- data that hackers have become adept at liberating and putting to their own nefarious uses.
A question of cost
The alternative, EMV, uses a microchip to store customer data and use of a PIN, rather than a signature, at the transaction site. The technology, created by Europay International and credit companies MasterCard and Visa, is used almost everywhere else in the world and makes hacking data much more difficult.
But setting up the new system will be pricey, and banks and retailers have balked at the cost. Up until the Target incident, banks considered fraud a tolerable business expense, knowing that replacing compromised magstripe cards costs about $0.50, compared with the fistful of dollars it would take to issue a new chip-and-PIN card.
Attitudes appear to be changing, however. At the National Retail Federation's conference in New York last week, the consensus of opinion leaned toward tightening card security, and EMV was bandied about as the most obvious method to do so.
While retailers seem to be getting on board, it's unclear where banks stand. JPMorgan announced that it has already replaced 2 million of its 23 million debit cards, and Citi is on track to replace all of its issued debit cards that may have been compromised in the breach. Bank of America hasn't done any large-scale reissuance of cards but says it is monitoring the situation.
Banks may come around, especially since card issuers are under pressure by MasterCard and Visa to begin issuing the new cards this coming October. Retailers will need to have new readers in place by October 2015, and fraud liability will fall entirely upon the party that hasn't fulfilled its part of the chip-and-PIN conversion scenario by November 2015. Perhaps, because of the Target fiasco, those dates will be moved up by several months.
Let's hope the changeover will go smoothly. After all, as JPMorgan CEO Jamie Dimon commented: "This might be a chance for retailers and banks to ... work together. ... [A]ll of us have a common interest in being protected."