Which country tops the lists of credit card fraud? Americans may be surprised to learn that we do. We lost $3.5 billion in card fraud in 2012, according to industry newsletter the Nilson Report. And a big part of the reason is that we are decades behind the rest of the world in some technology.
It’s hard to believe. We are the home of Apple, Microsoft, Twitter, Oracle and Facebook. Doesn’t that mean we are the cutting edge of high tech? Actually, when it comes to consumer finance and technology, we are not. We are closer to last place.
In much of the rest of the world, the banks and retailers use technology that combines a chip and a pin code, called EMV, to make a purchase. (EMV is named after its developers Europay, MasterCard and Visa.) This makes it very difficult to steal the card because the transaction has two points of authentication.
The magnetic swipe cards we have in the U.S. are easy to copy or replicate. This was painfully clear to Target, Neiman Marcus and their customers recently. More than 100 million customer credit cards were compromised. And now we are all watching our bills closely for suspicious charges from Las Vegas or Texas.
It’s hard to keep up with all the fraud. Target’s hack was big, but still not the biggest. In recent years, attacks to Adobe and T.J. Maxx/Marshall’s hit more people. So did another involving J.C. Penney and JetBlue. Michaels just announced it had found possible fraudulent activity.
Our cards are so outdated that traveling overseas has become a challenge. Some retailers won’t accept American cards that have only a magnetic strip. The retailers that do accept magnetic strips usually charge extra fees because the antiquated cards expose the retailers to additional risk. Their fraud insurance won’t cover the old cards.
It’s easy to make a physical copy of a magnetic strip card without the cardholder knowing. All you need is two machines. One sits on top of the counter, and is the one the customer sees for the purchase. Another one is located under the counter, or in the back of the store. The hidden one makes an extra copy for organized crime.
If you ever eat at a restaurant in the U.S. with foreign guests, watch how uncomfortable they are with the waiter taking the card away from the table to swipe it. This is because it’s easy to keep a second machine in the back room.
These days, however, advances in software and hacking mean that your card details can be stolen even if the card never leaves your sight. All the criminal needs is access to the database where the card data is logged.
Overseas, EMV cards aren’t swiped. They are inserted into a machine that reads the chip, which isn’t enough to make a purchase until you also insert your PIN at the same time. And because the chip generates a one-time code, the data that is stored is not useful with duplication, making fraud a lot more challenging.
South America, Asia, Mexico and Canada all switched or are in the process of switching. (Africa is a different story. There, mobile phone technology is emerging as the main tool for electronic purchases — and there are some who argue America should just skip EMV cards altogether and consider a smartphone solution.)
Of course, EMV cards won’t eliminate fraud altogether. I read about an extremely sophisticated card fraud in Europe that involved the manufacturer of the machines that register purchases. That hack required insider access and a much higher level of difficulty.
Overall, though, EMV technology has reduced fraud dramatically by raising the bar for access through hacking. Without EMV, the U.S. accounts for 27 percent of global credit card transactions but 47 percent of fraud, according to the Nilson Report.
Our major credit cards companies have expressed their commitment to move to this new system in the next few years. It is quite a task. It will cost billions to replace the cards and billions to upgrade retail terminals.
But when you compare the one-time costs to make the change with the annual cost of fraud, it’s getting harder to argue that doing nothing is the right course. Until then, we’ll remain the main country not using the safer system. For card hackers, that means we are the technology laggards and the low-hanging fruit.