domingo, 13 de abril de 2014

Encrypted chips help fight credit card fraud




Experts say 90 percent to 95 percent of credit cards in the U.S. will have the chips within two years.

DES MOINES, Iowa -- Bruce Schmiedlin does not worryabout a criminal counterfeiting his credit card. The Grimes accountant's MasterCard is embedded with an encrypted chip that requires a personal identification number to access.


The cards represent the latest weapon in the battle against counterfeiters. Industry experts say 90 percent to 95 percent of credit cards in the U.S. will have the chips within two years.

Just 1 percent to 5 percent of U.S. credit cards use the technology now, they say.


Schmiedlin said he had a run-in with a cashier about the card. The worker had never seen an EMV card, which is named after three organizations — Europay, MasterCard and Visa — that first advocated for them. He became confused when he swiped the card and received a message asking him to insert it into the EMV-compatible terminal.

"As a consumer, I was disappointed (card issuers) didn't give any education for consumers to help the merchants," Schmidelin said of his run-in.

Personal data and credit card fraud remains fresh in consumers' minds following a theft of personal information at Target stores during the holidays. In December, Target admitted that more than 40 million credit and debit card accounts were breached in one of the largest thefts of card accounts in U.S. history.

Experts admit the new EMV cards won't eliminate fraud if a card is lost or stolen; they are aimed at reducing counterfeiting. According to the U.S. Department of Justice, one-third of fraud reports are related to fake cards, the largest percentage of credit card fraud.

While the U.S. has been slow to adopt EMV, the cards have been around for more than a decade. Experts say the U.S. is the last major nation to adopt it as a standard.

For now, the cards have both the familiar magnetic strip and the chip. But the goal is to eventually transition all credit card holders to chip-only cards.

The Members Group, a Des Moines card issuer, first issued EMV cards in 2010. Brandon Kuehl, product manager for the company, said the U.S. has been slow to adopt because there are so many industries involved in payment processing.

"Here in the U.S., we have a lot of people who have a lot of business interests and a lot of hands in the pie," he said.

In December, officials who run debit networks announced the formation of a coalition that would track the implementation of EMV cards to ensure it is done fairly.

Paul Tomasofsky, executive director of the new Debit Network Alliance, said counterfeiters will have a tougher time with EMV cards. "Today, it's relatively easy to create fake cards," he said. "In the chip world, it becomes much harder."

EMV cards have small chips embedded in them that are, essentially, small computers encrypted with personal information. That personal information remains blocked to any card readers until a consumer enters a PIN to activate it.

Entering PINs could get burdensome as consumers with multiple cards transition to EMV, said cyber security expert Doug Jacobson.

"There is a lot of resistance to changing over to smart chip-based credit cards," said Jacobson, who runs Iowa State University's information security program. "Most Americans, they have several cards. Remembering a PIN on one card is a challenge. But on 10 cards? You'll have to have a cheat sheet."

MasterCard issued a mandate that says issuers and merchants must come on board by Oct. 1, 2015, or face a greater liability for credit card fraud instances.

As more merchants adopt EMV, consumers like Schmiedlin could increasingly face frustrations with untrained cashiers. However, the trade-off of a safer credit card industry battling fraud is worth it, he said.

"Even if they get your swipe data, if everyone goes over to the chip readers, that will be a whole lot harder to produce," he said. "It's a step in the right direction."

USA TODAY