Are Chip-and-PIN Credit Cards the Way of the Future?
By Eva Norlyk Smith, Ph.D.
May 24, 2010
With credit card fraud on the rise all over the world, a growing number of countries are adopting the co-called chip-and-PIN card technology. But despite their fraud-preventive virtues, it is questionable whether these so-called “smart cards” will find their way to the U.S. any time soon.
Chip-and-PIN cards are credit or debit cards with an embedded microchip, which contains the cardholder’s PIN number. Credit card transactions are not complete until the cardholder enters the matching PIN into the payment machine keypad during credit card transactions. This provides faster transactions plus savings in processing costs, as well as much greater safety. In the U.S., anyone can pick up a lost or stolen credit card and start making purchases, since there is no way to verify customer signatures. Chip-and-PIN cards effectively protect against this type of fraud, since no one can use the cards without the authentic PIN number.
Chip-and-PIN credit cards were introduced in Europe as early as 2004, and most E.U. countries have already adopted them or are in the process of converting to the new technology. In Canada, the conversion began in 2008, and 65 percent of debit and credit cards are now chip-enabled with full conversion expected by 2015.
Despite the safety advantages, U.S. card issuers, however, are in no hurry to adopt the technology. The cost to implement the chip-and-PIN system is deemed too high for both card issuers and merchants for the benefits gained. In addition, many question whether U.S. consumers would willingly adopt the new technology.
Many Canadian consumers have protested against the chip-and-PIN cards, claiming that they add too much extra hassle. Since using different PINS for each account is advised, consumers often have to memorize several numbers. To pay with chip-and-PIN cards in restaurants, the waiter must deliver a keypad to the customer, or the customer must leave the table to complete a transaction. Also, since the new machines involve card-insert instead of card-swipe, many customers are report forgetting to retrieve their credit cards at e.g. gas stations, and only later realizing the mistake.
But despite the drawbacks, are the extra safety measures worth it? Yes and no. According to the U.K. payments administration, in-store credit card fraud dropped dramatically after the introduction of chip-and-PIN cards, from 218.8 million pounds ($356.5 million) in 2004 to 98.5 million pounds (160.5) in 2008. At the same time, however, losses from card-not-present-transactions, such as internet and over-the-phone transactions, skyrocketed from 122.1 million pounds ($198.9 million) in 2003 to 328.4 million pounds ($535 million) in 2008. In short, no longer able to steal and clone credit cards like before, fraudsters, it appears, turned their focus to hacking.
As the chip-and-PIN card evolves, perhaps smart cards will still make their ways to the U.S. But credit card security is a rapidly evolving field, as credit card giants Visa and Mastercard constantly look to develop better security measures, including more encoding features on the back of credit cards and more dynamic authentication processes. Most recently, Visa introduced the so-called Emue card, a credit card with embedded keypad, display and microprocessor used for authenticating online credit card transactions and phone transactions. More advances in credit card security are sure to follow.