In the wake of some of the worst financial data breaches in history, MasterCard (NYSE:MA) recently announced it was extending its zero-liability policy to include ATM and PIN-based (debit) transactions as well as those made with credit cards. Basically, this means that if an unauthorized charge occurs at an ATM or point-of-sale terminal with a PIN number, the cardholder will not be held financially responsible whatsoever. While this could boost consumers' sense of security for the time being, it is by no means a long-term solution to the problem of fraudulent card usage.
Zero-liability is a start
Traditionally, zero-liability policies have only applied to credit cards, and any fraudulent use of a debit card was tougher to have reimbursed. As a result, many consumers had been reluctant to use their Visa (NYSE:V) and MasterCard-branded debit cards for purchases, especially in places like gas stations and non-bank ATMs where theft of card information is more common.
One of the most common ways card information is stolen is with devices known as "skimmers" attached to a point-of-sale credit card reader, which steals the information when a customer swipes their card. These devices need to be installed discretely, which is why they are more commonly used at gas stations, ATMs, and other places where consumers swipe their own cards.
MasterCard's new policy extends the zero-liability policy to debit transactions, which means account holders will not be held responsible for any unauthorized transactions whatsoever. As of this writing, Visa's policy doesn't include PIN-based transactions, but I wouldn't be at all surprised if this changes in the very near future in response to MasterCard's policy change.
A long-term fix is needed
As a result of the massive December breach of Target's (NYSE:TGT) computer systems in which 40 million debit and credit card numbers were compromised, as well as smaller breaches at other companies like Nieman Marcus and Michaels, both Visa and MasterCard have renewed their joint effort to adopt microchip technology into U.S. credit and debit cards.
The theory is that by no longer using the magnetic strip technology currently on the backs of credit cards (which are relatively easy to replicate and steal), a large portion of credit card fraud would be eliminated. The microchips don't really address the security of online transactions, but it would definitely be a move up in card technology, and would catch us up to Canada, Mexico, and most of Western Europe, where chip technology is already widely used.
Chips are safer than magnetic strips because they use a one-time code to process a transaction and transfer data, which even if stolen would be useless. Furthermore, chip-based cards are almost impossible to copy, unlike magnetic stripe cards, which can be literally scanned and printed in seconds.
The recent breaches could kick-start the process
Stores had been reluctant to adopt the new technology because of concerns about cost and the complexity of the systems that would handle the new cards. However, after the recent breaches, it seems retailers are becoming more supportive of the new systems.
For example, Target is implementing a $100 million plan to integrate chip-based card technology into all of its stores, and will have new payment terminals up and running in September. In addition, Target is going to issue its own chip-based cards in a joint effort with MasterCard, making it the first retailer to do so.
As if theft wasn't a big enough reason to complete the upgrade of technology, there is set to be a "liability shift" in October 2015. Basically, after that time, the costs incurred from card theft will fall to the party with the least advanced (and most vulnerable) technology. So, if the bank issuing the cards has chip technology, but the retailer doesn't, the retailer will be responsible for the costs involved.
One thing is clear – consumers need to feel secure with their method of payment for goods and services, or they'll find another one to use. For example, an Associated Press poll conducted in February found 37% of Americans had made a conscious effort to pay for purchases in cash, rather than use credit or debit cards, in the wake of the data breaches. Nearly half of those surveyed said they were extremely or very concerned about retail stores' ability to keep their information safe.
If this attitude toward card usage continues, it could be very bad news for Visa and MasterCard, as well as for the banks that issue their cards. That's why the shift toward the latest and greatest technologies and security methods are absolutely imperative if the credit card industry is to continue to thrive in the United States.