Credit Card Security

Americans were shocked when Target, the retail giant, said in December 2013 that hackers had stolen the credit card numbers of tens of millions of customers. People in much of the rest of the world might have been shocked, too, but for a different reason: The extent to which U.S. credit and debit cards still rely on outdated security technology. How long will the country that invented credit cards lag behind? Target’s debacle helped hasten the timetable for a switch to a more effective system that’s already widely used in Europe and parts of Africa, Latin America and Asia. However, the changeover hasn’t been simple in the highly competitive U.S. payments marketplace, where an array of banks, payment networks and retailers are engaged in a continual struggle for advantage. And as the Target theft showed, no system is more secure than its weakest link.

In the U.S., the big transition to the new technology, known as EMV, which adds a computer chip for verification, started in October 2015. That's when the burden of liability for credit card fraud shifted to banks or retailers that hadn’t switched to the new technology. The changeover was more than a little bumpy. Some retailers hesitated to switch because of the cost, while others wanted to spare customers what was initially an extra 15 seconds per transaction. But analysts predict more than 80 percent of credit cards and nearly 60 percent of debit cards will be EMV-capable by the end of this year. All the while, a fight has been brewing between payment networks and retailers over whether chip cards should require customers to enter a PIN or their signature. And in the aftermath of the transition to EMV, retailers including Wal-Mart Stores Inc. and the Kroger Co. have sued Visa Inc. and MasterCard Inc., saying the fees they’re charged for debit-card payments have climbed. After spending $30 billion to $35 billion on the switch to EMV, retailers are in no mood to pay credit-card companies more than they have to.