Recent news that Vladimir Putin’s Russia hacked a White House computer network was a reminder that in the Internet age, nothing is completely secure. If critical elements of U.S. government infrastructure are susceptible to attacks, what isn’t?
Americans know this phenomenon isn’t limited to government networks and computers. Businesses — small and large — must take precautions not just against the stereotypical masked robber, but also against sophisticated fraudsters and cyber thieves who pose an even broader threat. Malicious cyber attacks on retailers have taken on dangerous new dimensions these days with cybercriminals constantly developing new threats which are increasing in sophistication.
In 2014, American businesses faced 27.5 percent more data breach incidents than in 2013. These devastating crimes harm businesses and can compromise the safety of millions of consumers’ finances and personal information. And, these crimes are not limited to retailers. The recently released Verizon data breach report found “the top three industries affected by breaches are the same as previous years: Public [i.e. government, justice system, and government administration programs], Information [i.e. publishing, broadcasting, and telecommunications], and Financial Services.”
With this ever-evolving threat and sophistication of cybercriminals, retailers across the country continue to step up their protections. Many of these approaches necessitate expensive and complex data protection systems, but some of the most effective protections are also simple and straightforward to implement.
Chip and PIN credit card technology is a perfect example. For decades, Americans have used a credit card equipped with a flimsy magnetic stripe on the back and verified purchases with a signature. This worthless customer verification method, however, has been phased out across much of the rest of the world.
Europe made the transition to chip and PIN-equipped cards several years ago, and has reaped significant benefits from this upgrade. In the United Kingdom, domestic counterfeit card fraud losses have fallen more than 63 percent since the implementation of EMV chip and PIN in 2004. Meanwhile, lost-and-stolen fraud – the type of fraud that PIN authentication helps prevent – has decreased every year since 2004 for a total 61 percent reduction. It now stands at the lowest level since the industry began collecting fraud-loss data in 1991.
Australia took note, and has taken its own steps toward chip and PIN credit card technology with the launch of their “PINwise” initiative. Last year, Australia’s Industry Security Initiative (ISI), a collective of Australia’s major financial institutions and card companies, launched an industry-wide move to phase out signature authentication and replace it with PINs during most point-of-sale transactions.
Australia also eliminated all customer verification for small ticket transactions under $35, as small dollar transactions are very low risk. But if fraud is suspected, the merchant still has the flexibility to ask for the consumer’s PIN. The education campaign states that the move toward PIN will make Australia’s payment system even safer, with only a one in 10,000 chance of someone correctly guessing an individual’s four-digit PIN combination.
Meanwhile, in the United States the banking and credit card industries remain reluctant to follow suit, even though the U.S. accounts for over 47 percent of global card fraud losses.
The success of chip and PIN cards is due to the fact that, rather than relying upon easily counterfeited magnetic stripes and fraud-prone signatures, the system uses a computer chip to ensure a more secure transaction, and a PIN number to authenticate the cardholder. The process of PIN authentication greatly reduces the ease of lost and-stolen-card fraud.
Reducing fraud in Internet (also known as card-not-present or CNP) transactions has long been a priority for the retail merchant community, which bears most of the burden for CNP fraud losses. Federal Reserve research shows retailers cover the cost for over 70 percent of total debit card CNP fraud losses. The process of PIN authentication is also recently available as an Internet tool that some merchants have chosen to deploy for online shopping as a fraud prevention investment. With such commercial solutions available in the U.S. marketplace, PIN deployment by issuers on EMV cards could help better protect online shoppers.
All players in the payment ecosystem must move together to adopt this technology. Small businesses and consumers across the country should demand these protections on financial products. It is hard to imagine a smartphone maker today who wouldn’t provide their customer with an option to password protect their phone, but yet, that is exactly what our financial institutions are doing with our credit and debit cards if they fail to enable PINs on the chip-equipped products being rolled out over the next few years. Anything less than chip and PIN-enabled products is leaving Americans unnecessarily vulnerable to fraud and theft.
Liz Garner is a vice president at Merchant Advisory Group. Thinking of submitting an op-ed to the Washington Examiner? Be sure to read our guidelines on submissions for editorials, available at this link.
