According to The Economist, the United States has the highest rate of credit card fraud of any developed nation, a rate far, far higher, than European Union nations, as well as far higher monetary losses. This isn’t necessarily just because we have more credit card thieves, which we apparently do, but also because the United States has far more credit cards and, equally important, has lagged behind the E.U. in adopting the so-called “pin and chip” credit card that contains a microchip with security features. The “pin and chip” system means effectively that it is far more difficult to use a stolen card or card number.
American business has lagged in employing this system, although Target, the latest and largest victim of hacking and the theft of tens of millions of credit card numbers and user names, is now looking into developing and issuing credit cards with greater security features. The reason for the delay? The new systems will cost more to install and implement, because new card readers will be required.
Or, in other words, until the losses to business make it clear that it’s “cost-effective” for them, regardless of the costs and hassles to consumers, they really don’t want to adopt a new and more secure system. These are also the men and women who, not unanimously, but overwhelmingly, try every method they can to reduce their costs. They beg their consumers to “go paperless,” claiming that doing so will benefit consumers while their real reason is to reduce their own paperwork burden. They’re the same retail executives who employ part-timers so that they won’t have to pay health benefits, who cut middle-management and overwork the survivors, and who outsource overseas anything they can to reduce costs, disregarding what it does to both their employees and the economy as a whole.
Yet when it comes to reducing the burden of fraud on their consumers, most are notably silent, or even oppose any improvement because it will increase their short-term costs. Just as cleaner environmental production and distribution systems might do… or health insurance or living wages. Fancy that.
My ‘favorite’ example of this sort of thing is the debate over cell phone kill-switches that render a stolen phone unusable. Although the technology has been available for a long time (Australia has required it since the early 2000s) wireless carriers in the US have fought attempts to require it here.
Why? Well, the reaction of someone who has just had their $400-800 smartphone ripped out of their hands downtown is to . . . go over to their wireless provider’s store and buy another one.
Thankfully, the battle here looks like it is won – Apple introduced a kill switch last year and several influential states are introducing legislation requiring it.
Welcome to the modern age where businesses are run by accountants and the executives are mostly shielded from the poor decisions they make based solely upon monetary costs. I’d be greatly surprised if executives at Target won’t loos much, if any, bonuses even though the breach is expected to cost well over one billion USD.
Target attempted to lead the US payments industry into adoption of chip-and-PIN. They partnered with VISA in 2001 to launch both new Target Visa cards with chips and to implement new checkout systems enabled with the technology. By 2004, they had something like 9MM smart cards in circulation and over 30 thousand checkout terminals enabled in more than a thousand stores. They spent something like $30MM to $40MM on the program before killing it, in part because no other major retailers and card issuers were implementing similar programs, and in part because the system slowed checkout times relative to mag-stripe systems.
It is ironic that it’s Target that had the recent breach that will likely push the US to accelerate adoption of the more secure standard. What’s even more ironic is that Target, in attempting to lead the market over a decade ago, had such a miserable and public failure with the chip adoption effort that it likely delayed adoption by other issuers and retailers….which in turn made the current breach even more severe.
So, yes, business executives often do make decisions based on short-term finances, but in this case, there’s a bit more to the story than the simple “bean-counting corporation screws over millions” that most stories about the breach suggest.
It’s still the simple bean-counting corporations — it was just a different set that didn’t want to implement it, and as a result the company that wanted to do so first got screwed twice, while the laggard bean-counters didn’t.
We are well past the time when the credit card companies should be putting a Chip and Pin on all cards – including debit cards. Just because the large retailers don’t like it does not render the idea or the need to implement it moot.