Target is taking a lot of heat for the theft of personal information and credit card from about 110 million shoppers as a result of malware installed on the company’s payments system. Target is trying to clean up the mess, and a great many people are being inconvenienced, to put it mildly. In looking for someone to blame, though, forget Target. If the card companies hadn’t been so cheap and lazy, this probably wouldn’t have happened.
America, the land where the credit card and ATM were born, is years behind most other developed countries in credit card security. Hell, Forbes notes that we’re even behind the North Koreans, and they don’t even have money!
The cards we all carry in our wallets have all our personal information on the magnetic strip that you’ll see on the back. That became obsolete in Europe in the 1990s with the introduction of the EMV [Europay/MasterCard/Visa] card with a microchip embedded in it. The encrypted data on the chip is vastly more hacker resistant than the information held on a magnetic strip.
The Federal Reserve estimates that bogus transactions in 2012 (the most recent year for which we have good data) cost us $4 billion, or about $8 for every $10,000 spent. America generates 25% of card transactions in the world and 47% of all fraud losses. And we pay for it as a group with higher rates and prices. Repeat after me: “USA! USA! USA!”
Why are we so damned backwards that we lag behind North Korea in this technology? Well, switching would cost money. An EMV card costs about $1.25 to make — four to five times more to produce than a magnetic strip card. There are about 1.5 billion cards in the U.S. right now that would need to be replaced at a cost of about $1.85 to $2 billion. That’s half of what we collectively got taken for last year.
But the banks don’t want to spend the money. Their excuse? The retailers don’t have the technology needed to read EMV cards. There are about 12 million readers that would cost $100 each to upgrade — that’s $1.2 billion. Until the retailers can read the cards, the banks won’t issue the EMV technology. And here’s the catch-22: the retailers won’t upgrade their readers if there aren’t any EMV cards for them to read. But collectively, switching over would start paying for itself in the second year.
Mercifully, the dumbassery is ending. The fraud problem has finally embarrassed too many CEOs. So starting in October (how’s that for a sense of urgency?), the banks have agreed to issue EMV cards for new accounts and when old cards expire. In return, the retailers have agreed to put in place readers by October 2015 (how’s that for the efficiency of the free market?). Starting in November 2015, any fraud caused by a non-EMV card will be the bank’s problem, and any fraud caused by a retailer not having EMV-friendly readers will cost the retailer.
Isn’t that great? It will take only 22 more months to fix a problem we could have solved 20 years ago.