Time for chip and PIN cards?
Credit and debit card (credit card news) security has been a huge issue as of late (financial data security news), given all the breaches at Heartland Payment Systems and others. The crime wave has revived talk of new smart card technologies and whether the U.S. is missing an opportunity by not embracing this approach wholeheartedly.
In one view, the technology is proven and should therefore be embraced. Countries like the U.K., which have moved to adopt the technology, have seen an impressive decline in credit card related fraud. Most credit the chip and PIN approach, which calls for a card user to issue a PIN when he or she makes a purchase. That PIN would be generated digitally by the card system, resulting in unique one-time only PINs.
In theory, this is a terrific system. Think about all those sophisticated breaches that snared so many credit card numbers. If the chip and PIN approach had been in use, the "Smart Card technology would have rendered the whole endeavor useless," argues Phil Lieberman, CEO of Lieberman Software in Network World. But the reality is often not what one would predict.
In the U.K., card fraud has certainly declined, but these gains have been mainly in in-store fraud. Total losses from such fraud fell from $356.5 million in 2004 to $160.5 million in 2008, according to statistics noted by Bankrate.com. The problem is that "card-not-present" fraud--that is, fraud using cards over phones or the Internet--has exploded, from $198.9 million in 2003 to $535 million in 2008. In theory, a smart card approach would solve this. Just stealing the credit card number would not be enough to use via phone or the Net. But many cards in the U.K. are essentially dual use cards; they can use either the chip and PIN approach or the old magnetic stripe approach. And therein lay the problem with card-not-present fraud.
To some, this suggests that the industry should make a clean break and embrace smart card technology without the option of relying on the old magnetic stripe. But that is not happening for a variety of reasons, one of which has to do with the ultimate liability. "Because card issuers are not liable for losses that stem from their use of static cards (which are much cheaper than Smart Cards), they have chosen not to modernize their card infrastructure. That punishes merchants and processor companies such as Heartland," Lieberman writes.
Another issue is costs, which are high when it comes to a mass conversion. There may be other technologies more suited to the task. Many companies, such as Heartland and VISA, are experimenting with end-to-end encryption. Henry Helgeson, CEO of Merchant Warehouse, favors a new technology from MagTek that "is inexpensive, effective and very efficient." Iron particles are sprayed onto the magnetic stripe, essentially giving each card its own fingerprint, which could be used for authentication.
So no matter how you slice it, you get the feeling that chip and PIN wasn't meant for the U.S. - Jim
SHARE WITH:
Comments
Post new comment
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2010 FierceMarkets. All rights reserved. |
 |