CREDIT-CARD BREACH

Switch from card-swiping to chip-and-PIN overdue

 
 
MCT
MCT
Nease / MCT

The Boston Globe

Police in Texas recently arrested two drivers carrying 96 fake credit cards, which authorities initially suspected were manufactured using numbers stolen in the massive Target credit-card breach. On the same day, South Korean authorities announced “the theft of personal information from more than 100 million South Korean credit cards and accounts.” As data heists become ever-more aggressive, it is increasingly necessary to switch from America’s hoary card-swiping to the chip-and-PIN cards that have made Europe safer.

The age when consumers paid with cash and checks seems as quaint and distant as the age when horses trotted down Commonwealth Avenue and gas lights flickered in the dusk. Seventy-eight percent of Americans have debit cards, and 70 percent have credit cards. Much of the credit- and debit-card revolution is real progress. Our transactions are quicker. Retailers who want to sell to customers without bundles of currency don’t need to operate their own mini-lending agencies.

But credit cards also carry costs; some Americans over-borrow and spend years paying off debt at high rates. While most consumers know how to prevent excessive debt — don’t spend the money — credit-card fraud is a far more shadowy danger.

And in no small part because of the now-primitive magnetic-strip technology that the cards generally use, credit-card fraud has become one of the common hazards of life. A few years ago, I spent hours arguing that I was not responsible for a $15,000 used car purchase in some remote English town. More than 5 percent of consumers either lose their cards or have them stolen annually, and each lost or stolen card is associated with about $600 in fraudulent use.

We can reduce the losses from credit card fraud by switching to so-called smart cards with chips that require PINs. There is a long-established global standard called EMV — for Europay, MasterCard and Visa — for smart cards, which are harder to reproduce en masse than magnetic-strip ones; the PINs they use are more secure than signatures, which are easy to imitate and often go unchecked anyway. Britain implemented chip-and-PIN in 2004, and since then fraud from lost or stolen cards has declined by 61 percent. The fraud rate in face-to-face transactions in France has also fallen dramatically. In contrast, there’s a market in South Korea for stolen credit-card information because chip-and-PIN systems haven’t caught on in that country.

There are ironies in the fact that America remains an island of card swiping in a world that has largely embraced PINs. Target was an early pioneer of smart-card technology in the United States, but the company dropped the experiment because it was slowing down checkout lines.

Adopting smart cards isn’t free. One estimate is that the cost of replacing cards and payment terminals will exceed $5 billion. I am not looking forward to typing in PIN numbers for the rest of my life. Moreover, thieves will surely figure out new ways to steal, by targeting online transactions and stealing PIN numbers.

Chip-and-PIN is not a panacea, just the inevitable next step in an ever-escalating arms race with the hackers. Reports now suggest that the code that compromised Target was written by a Russian teenager. If data theft on this scale is that easy, then we need to at least move to the global standard for smart cards — and be prepared to adopt future security improvements.

In Britain, the push toward smart cards came from an association of financial institutions; later, the government backed the group’s recommendations. Occasionally, a central institution in other countries, such as the European Central Bank, will give the process a push. And if the Consumer Financial Protection Bureau of the Federal Reserve Bank chose to nudge the United States toward chip-and-PIN by verbally exhorting the industry to move swiftly, it certainly can’t hurt.

But especially in light of the potential for interference from — or backlash within — a fractious Congress, I’d rather see a private solution. The credit card companies and retailers that carry most of the losses from fraud should have strong enough incentives to adopt the safer technology. Moreover, the Target data breach, which has affected as many as 110 million customers, likely ensures that Americans will be more open to typing in a few numbers at the point of sale.

Edward L. Glaeser, a Harvard economist, is director of the Rappaport Institute for Greater Boston.

© 2013 The Boston Globe

Read more Other Views stories from the Miami Herald

  •  
REID

    MICHAEL BROWN SHOOTING

    Joy-Ann Reid: Why some fear the police

    If you’ve never feared the police — if you don’t get a dull ache in the pit of your stomach when you see red and blue flashing lights, even when you know you’re not doing anything wrong — consider yourself lucky.

  • FLORIDA POLITICS

    In Florida governor’s race, no limit on nastiness

    Gov. Rick Scott on Monday ramped up an asphalt agenda, calling for more lanes on Interstate 295 in Jacksonville and millions more for airports and seaports.

  •  
FRIEDMAN

    SYRIA

    Intervening in Syria comes with a price tag

    Hillary Clinton recently reignited the who-lost-Syria debate when she suggested that President Barack Obama made a mistake in not intervening more forcefully early in the Syrian civil war by arming the pro-democracy rebels. I’ve been skeptical about such an intervention — skeptical that there were enough of these “mainstream insurgents,” skeptical that they could ever defeat President Bashar Assad’s army and the Islamists and govern Syria.

Miami Herald

Join the
Discussion

The Miami Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere on the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

The Miami Herald uses Facebook's commenting system. You need to log in with a Facebook account in order to comment. If you have questions about commenting with your Facebook account, click here.

Have a news tip? You can send it anonymously. Click here to send us your tip - or - consider joining the Public Insight Network and become a source for The Miami Herald and el Nuevo Herald.

Hide Comments

This affects comments on all stories.

Cancel OK

  • Marketplace

Today's Circulars

  • Quick Job Search

Enter Keyword(s) Enter City Select a State Select a Category