So you've been hacked, America: Ready for EMV now?
By Georgie Miller
The recent hacking of the Target and Neiman Marcus databases has many consumers worried about the security of their information. It seems like the technology used to store personally identifiable information should be better than it is today, but unbeknownst to many U.S. consumers, other countries around the globe have used a more secure technology for almost a decade.
What is this technology, you ask? It involves EMV or "chip-and-pin" credit cards. Unlike the credit card with a magnetic stripe (magstripe) on the back that is probably in your wallet now, chip cards contain a microchip. Transactions made using cards with EMV chips don't reveal your account number to the merchant. This means that even if the merchant is hacked, your account would presumably be safe.
EMV cards have gradually become the norm in other countries, especially those in Asia and Europe. In fact, consumers who travel internationally may already have EMV-compatible cards. So why has the U.S., which prides itself on being on the cutting edge in all things, not adopted EMV already? Both cost and path dependence are likely factors.
Cost and EMV
To make a complete switch to EMV cards, obviously every credit card that uses the traditional magstripe needs to be replaced. That means not only paying for all that new plastic, but also the mailing materials and postage required to get them out to the customers. The microchips themselves also cost more than magstripes do.
And those are just the costs to the credit card companies. There would also be a cost for merchants. Typically, merchants own or rent their credit card-processing machines, called point-of-sale (POS) systems. Switching to EMV may mean expensive updates to POS systems.
Path dependence and EMV
Simply put, path dependence is the idea that once we make a decision, it is hard to make a different decision going forward. Change is hard even when you know that the circumstances leading to your original decision are no longer applicable. In this case, the decision is using magstripe technology on credit cards.
Magstripes may have been the best technology 40 years ago, but they clearly aren't the best technology anymore. Yet not only is switching expensive for credit card companies and merchants, but consumers may not trust something "new." So the industry has continued to use the old technology, making it easier for hackers to get personal financial information and ruin lives.
The future of EMV in the U.S.
One of the factors that fostered consumers' dependence on magstripe technology was that when EMV cards were first introduced, the U.S. had a much lower level of fraud than other countries did. However, as other countries have switched to the improved technology, the U.S. has become comparatively easier to hack. This may be one of the reasons there have been so many massive breaches of corporate databases recently.
Merchant incentives for EMV transactions have been in place since 2011. Some credit card companies are phasing in EMV cards over the next several years as individual consumers' magstripe cards expire, and Visa has reportedly told its merchants that those who do not offer EMV by the end of 2015 may be held liable for counterfeit transactions. And as highly publicized attacks like the one on Target draw attention to the outdated technology behind magstripes, consumers seem likely to demand a higher level of protection -- even if it means change for everyone.