The Providence Journal (R.I.), Nov. 27:

As the holiday shopping season swings into gear, Americans are getting out their plastic – and hackers presumably are getting to work. In the world of U.S. retailing, data theft has become a dark new tradition, making shoppers uneasy and costing banks and merchants billions of dollars in fraudulent losses.

On Oct. 1, a new, more secure card system was scheduled to take effect. Credit and debit cards were to be issued, each with a new computer chip embedded. The chip, which replaces the old magnetic stripe, protects personal information and creates a unique code for each transaction. Cardholder data encoded in magnetic stripes is much easier to steal; magnetic-stripe cards are also easier to counterfeit.

But, as those still carrying the old-style card can attest, the system is off to a slow start. According to a New York Times report, many banks have just begun to issue the new chip-enabled cards. The process is expected to continue well into next year.

Further, chip cards require expensive new readers. Early reports suggest that they take longer to use than the old swipe-and-sign machines. As of the Oct. 1 deadline, set by card issuers such as Visa and MasterCard, liability for fraudulent purchases shifts to retailers who lack the new readers. But those who do not yet have these devices up and running may be reluctant to switch just now, for fear of slowing holiday sales.

While the new system (once it finally arrives) will be superior to the old, it still has some drawbacks. Banks, supposedly wary of inflicting too much change on Americans at once, will ask them to dip their cards in a reader and sign. In the more secure system long used in Europe, holders of chip cards employ a secret PIN number with each chip-card transaction. Unlike a hastily scrawled signature, the PIN can verify the user’s legitimacy. It can also thwart use of a lost or stolen card.

Americans traveling abroad may find that their cards are not accepted, and will have to make adjustments. And unfortunately, chip-and-PIN does little to deter fraud in online sales. Yet where it is in wide use, the chip-and-PIN system has dramatically reduced other kinds of fraud.

Many Americans are frustrated and baffled by the slow progress, despite the recent proliferation of data breaches, including an infamous one at Target in December 2013. (In that incident, 40 million debit and credit card numbers were stolen.) A big reason for the delay is a growing battle, between banks and retailers, over who should finance the system.

Merchants are livid over the fees they must pay to process transactions; last year, such charges were estimated to reach about $61 billion. In contrast, fraud losses totaled about half that amount. Merchants further complain that it is they who must pay for installing the expensive new terminals – even though the terminals essentially protect banks. The banks, in turn, blame retailers for what they say are overly lax security systems.

The biggest losers in this struggle may well be small businesses, which are staggering under the weight of expensive swipe fees combined with the cost of installing the new chip readers.

For the economy’s sake, as well as shoppers’, Congress and federal regulators should monitor this transition, and ensure that banks and retailers each assume their fair share of the costs – costs, of course, ultimately passed along to consumers. (One element of the Dodd-Frank financial reforms was a cap on debit-transaction fees, which provided some relief to merchants.) Given the strongly consumer-oriented nature of the U.S. economy, neither fraud nor excessive fees should be allowed to mar the holiday shopping season.

Copy the Story Link

Comments are not available on this story.