The push for those chip-carrying EMV cards, which would make it more difficult for fraudulent transactions to occur, continues apace.
In California, the State Senate is advancing a bill that would make April 1, 2016 — no fooling! — the date by which both retailers and card issuers would need to support the chip-and-PIN standard.
This is actually 6 months past the Oct. 1, 2015 deadline set by Visa and MasterCard, after which point, the card giants announced they would not be financially liable for any false charges, but rather, would return that burden to merchants. The California bill comes with potential charges for non-compliance, but also has exemptions for small retailers, convenience stores and gas stations who would have additional time — through October 2017 — before becoming liable.
Not everyone supports the push for deadlines, however, Industry newsletter Greensheet quotes the Electronic Transaction Association as saying “"Passing a single state technology standard will open the floodgate to additional state responses and create an expensive, unsafe and inefficient myriad of technology standards.”
Since Visa and MasterCard have already imposed their own transition date for EMV, however, it’s unclear how California’s law would actually create a “myriad” of standards, other than forcing a further push toward the new technology.
MasterCard has even doubled down on their support for coming standards, announcing “zero-liability policy for cardholders in the United States to include all PIN-based and ATM transactions.”
Visa, the largest card issuer, has yet to announce such a change, but according to the Reuters article, “"This all comes back to the adoption of EMV. Of all the cards that are breached at ATMs, a majority of them are non-EMV cards. This is just another way for the company to impress upon the importance of quickly adopting EMV cards.”
However, as a recent AP article on MasterCard and Visa’s renewed push for EMV standards states, “The chip technology hasn’t been adopted in the U.S. because of costs and disputes over how the network would operate. Retailers have long balked at paying for new cash registers and back office systems to handle the new cards. There have been clashes between retailers, card issuers and processors over which processing networks will get access to the new system and whether to stick with a signature-based system or move to one that requires a personal identification number instead. These technical decisions impact how much retailers and customers have to pay — and how much credit card issuers make — each time a card is used.”
That “clash” may help explain California’s legislative support for the changeover, though of course, it would need to go through the state assembly, and then the governor’s desk, first.
That same AP article quotes one card security expert as saying “Chip and pin is just another security component. What matters is how companies like Target use consumer information, how they protect it,” further noting that “while chips would be a big security improvement, they wouldn’t have stopped the hackers from breaching Target’s computer systems where they also stole the personal information, including names and addresses, of as many as 70 million people, putting them at risk of identity theft.”
Given the recent breach of data at eBay as well, protecting data will become even more paramount in the years ahead.
MasterCard, however, is feeling confident enough to back up its PIN transactions, at least. Hopefully online transactions will similarly become more secure, and less vulnerable.
You don’t even need to wait on the legislature, to do it!