New technology chips away at America’s old charge cards
The Target data breach in 2013, when cybercriminals stole information from credit and debit cards as well as the email and home addresses of more than 110 million customers, has given new urgency to calls to replace magnetic-stripe cards with new “smart cards.”
HACKENSACK, N.J. — Stores around the country are gearing up for the next generation of credit cards, and consumers can expect to see changes in checkout aisles and in their wallets in coming months.
The so-called smart cards — credit cards with embedded computer chips that can store large amounts of data and perform functions like encryption — are being hailed as the cure for data breaches that have hit major retailers.
The Target data breach in November and December, when cybercriminals stole information from credit and debit cards as well as the email and home addresses of more than 110 million customers, has given new urgency to calls to replace magnetic-stripe cards that can easily be copied by thieves and are vulnerable to fraud.
“We are seeing a lot of reaction as a result of the publicity surrounding this and a recognition that we need to have more robust systems to keep these 21st-century hackers from compromising financial information,” said Mallory Duncan, senior vice president and general counsel at the National Retail Federation.
Banks and retailers are investing in chip-card technology in a big way. Some 100 million chip cards are expected to be issued this year, but that is a tiny fraction of the 1.7 billion credit and debit cards in use in the United States.
Retailers are on track to have 4.5 million chip-card readers installed in their stores by the end of this year. Chip-capable card readers can be seen in the checkout aisles at Home Depot and Kohl’s stores. Wal-Mart’s Sam’s Club warehouse division began issuing a Sam’s Club chip card this month, and activated the chip readers already in place in its stores.
But the National Retail Federation, the nation’s largest retail industry group, is cautioning that retailers need to make sure they are investing in the smartest ways to protect customer data before spending billions.
Chip cards have been widely used in Western Europe since about 2008 and have been credited with dramatically reducing credit-card fraud.
They also are cited as a key reason foreign data thieves have increasingly targeted U.S. retailers.
The cards are usually described as having EMV technology — short for Europay, MasterCard and Visa, three card companies that developed a set of standards for chip-card compatibility.
The EMV Migration Forum, an organization that includes financial institutions, retailers and payment processors, was established to bring the various members together to introduce EMV technology in this country.
Randy Vanderhoof, director of the EMV Migration Forum, said the U.S. is going through the primary shift toward EMV chip cards, when issuers are starting to send chip cards to consumers and merchants are replacing card readers with EMV-capable systems.
“Over the next year, we’ll be seeing this rapid number of merchants that will suddenly start to get their systems enabled and active and online, and those consumers who have received cards from their financial institutions will be told how to use them,” Vanderhoof said.
Card holders who do a lot of international travel most likely have at least one chip card. Card companies also are starting to mail out chip cards as replacements for expired magnetic-stripe cards.
“I had to replace my American Express card because the magnetic stripe had been demagnetized and it wasn’t working anymore, and when they sent me my new card it had an EMV chip on it,” Vanderhoof said.
Vanderhoof said the forum is starting to hear that financial institutions are beginning to issue EMV chip cards to select customers, like frequent travelers.
“Also, Citibank has implemented a policy where if you call and request a card, they will issue you an EMV-capable card,” he said.
Those replacement chip cards will still have magnetic stripes, so they can be used at stores or restaurants that don’t have chip-card readers.
But at stores with chip readers, the cardholder will be directed to insert the card in a slot that can interact with the chip and will be prompted to provide either a personal identification number or a signature.
The Target breach, Vanderhoof said, made retailers wake up and realize that they need to move quickly to invest in chip-card readers.
The costs of chip conversion are not expected to be a problem for small retailers and restaurants with one card reader.
Those readers usually are provided by the company that handles the payment transactions.
But for retailers with hundreds of stores, a change in a card reader involves extensive retooling of its payment software and support systems.