The poorly planned, poorly executed transition to chip-enabled credit cards claims another victim. This time, it’s not just the everyday American consumers stuck with lackluster security measures and it’s not just the nation’s retailers who have endured costly equipment upgrades while taking on more financial liability. This time, it’s VeriFone – a $2 billion company that provides technology for processing in-store credit card purchases – whose stock price plummeted recently because of delays in certifying new payment terminals.
The transition from swiping your old magnetic stripe credit card to dipping your new chip card – also known as the EMV transition – has been mired in controversy here in the U.S. and unnecessary delays largely due to the credit card companies’ inadequate preparation. In an earnings call recently, VeriFone CEO Paul Galant explained “the EMV bottleneck in the U.S., driven by integration and certification complexity and testing delays” took a costly toll on their bottom-line.
Not surprising.
VeriFone’s concerns are similar to those voiced by retailers – small and large – across the country as they criticized the credit card industry and banks for delaying technology specifications, hardware shortfalls, impractical timelines and understaffed certifiers who had to sign off on each and every new chip-enabled payment terminal before they could be used.
This confluence of factors left many retailers unprepared for last year’s liability shift deadline and on the hook for a greater share of credit card fraud expenses as a result. Worse, it still left the consumers who patronize those stores vulnerable to credit card fraud itself.
While the transition to chip cards was a step in the right direction – albeit executed poorly – there are still security vulnerabilities that remain because banks and credit card companies did not adopt all the payment security tools that are available to them.
The chip cards issued these days have one critical flaw – they don’t use a personal identification number (PIN). Instead, the cards continue to use utterly useless signatures as a method to verify the cardholder. An unrecognizable and universally ignored doodle at a checkout stand isn’t difficult for thieves to overcome – leaving consumers vulnerable to common credit card fraud.
For that reason, many experts have long advocated for credit cards that combine the worthwhile security enhancements of the embedded chip with a numeric passcode which only the cardholder knows. But you don’t need to take my word for it, the chip and PIN model has been in place abroad – including Europe and Canada – for years and has drastically reduced fraud.
So why then have the banks and credit card companies caused so much carnage for new credit cards that aren’t as secure as they should? Money.
As it has been widely reported, credit card networks make more money processing transactions that rely on signatures than they do processing transactions that use PINs. Since large credit card companies like VISA and MasterCard have a lucrative grip on the networks that process those signature verified transactions, they want to protect those networks from the competition PIN transactions would pose.
If that sounds like an egregious exploitation of market power to you, you’re not alone. Major retailers like Walmart and Home Depot are suing VISA and MasterCard over this very matter.
So where widespread public calls to adopt the chip and PIN model has thus far failed, maybe a protracted legal battle will succeed. Let’s hope it’s finally enough to persuade the banks and credit card companies to do the right thing for consumers, retailers, and all the other beleaguered businesses left in their wake.
Steve Pociask is president of the American Consumer Institute, a nonprofit educational and research organization. For more information about the Institute, visit www.theamericanconsumer.org or follow me @ConsumerPal. This was originally published in FORBES.