New Credit Card Technology Could Make the Recent Target Heist a Thing of the Past

By Saulius Vabalas, Director, Software Engineering @ GLDS

The United States is a world leader in many things, including—surprisingly—the amount of credit card fraud that occurs each year. According to Time Magazine, there’s $12.4 billion worth of credit card fraud that occurs each year on a global scale, and of that, $5.5 billion (44%) occurs stateside.

But all of that is likely to change in the near future as the outdated technology that left American credit cards susceptible to fraud will soon be replaced.

Unlike the majority of the world, American credit cards contain 40-year-old magnetic strip technology that stores customers’ sensitive data. These strips leave customers vulnerable to identity theft and fraud as was recently evidenced by the heist of  of up to 110 million Target customers’ credit and debit information. By putting malware on the retail chain’s point-of-sale systems, hackers were able to steal sensitive information.

The credit cards held by citizens in the majority of the world, however, contain microchips with encrypted customer data on them. Additionally, if they so choose, customers can attach PIN numbers to their credit cards, providing another layer of protection. Such technology—dubbed chip-and-PIN or EMV (Europay, MasterCard, Visa)—make store credit fraud, like the situation at Target, considerably harder thanks to encryption.

MasterCard and Visa have set October 2015 as a deadline by which their cards will make the switch. But why has it taken so long for the world’s leader in cutting-edge technology to migrate to safer credit card technology?

Because American shoppers aren’t carrying chip-and-PIN cards, retailers are hesitant to invest in the infrastructure that supports such technology. But why would Americans migrate their credit cards if stores won’t be able to accept them?

Carolyn Balfany of MasterCard offers another explanation. She says that other markets migrated to the new technology first because fraud was more frequent in their markets. Once the cards were more secure, the fraudsters moved their eyes toward America. Additionally, chip-and-PIN systems can operate in offline mode, she says, a feature that was attractive in markets that didn’t have strong telephony infrastructure in place.

Whatever the case may be, the two credit card companies say that come next fall, businesses that are least EMV-compliant will face the risks associated with fraud.

“If a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card,” Balfany explains. “And the same goes the other way: If the merchant has a new terminal, but the bank hasn’t issued a chip-and-PIN card to the customer, the bank would be liable.”

The new system, she continues, is about “establishing a technological platform for the next generation of payments.” Such a platform won’t limit itself to only taking encrypted data from such credit cards. Consumers will also be able to make contactless payments, mobile payments or pay with something attached to a keychain.

What is GLDS doing to be ready for these changes?  We’ve been working closely with our credit card processing partners to ensure we are ready when they are.  While the U.S. has been slower to adopt chip-and-PIN technology, Canada has supported it for years, albeit on a small scale.  As this article is written, GLDS it working with our Canadian partners and we expect to support chip-and-PIN by the end of the second quarter of this year.  We continue to work with our U.S. processors as they adapt to the changing landscape and will adapt our payment solutions as technology allows.