April 2013

Security + Safety

With major credit card institutions investing billions of dollars to protect their customers, those who rely on credit cards to make purchases can feel safe knowing their information is secure.  In this issue of The Credit Line we highlight the steps credit card institutions are taking to protect personal financial data and make sure it stays out of the hands of cyber criminals.  Plus, we discuss the industry’s 0% liability policy to protect customers against fraud and share some polling data to demonstrate how confident consumers are with the current system and its ability to protect them.





EVOLVING TECHNOLOGIES TO COMBAT SOPHISTICATED CRIMINALS

Technology advances could soon mean the end for that familiar magnetic stripe on the back of a typical debit or credit card. The magnetic stripe has served customers well for decades, but in a rapidly changing security environment, a better technology is needed. One technology that is being rolled out in the United States is EMV, which stands for Europay, MasterCard and Visa.

WHAT IS EMV?

Debit and credit cards that are EMV compliant have a microprocessor chip that encrypts and stores account data. EMV chips provide security features that go beyond cards with a magnetic stripe.

According to the Smart Card Alliance, “The biggest benefit of EMV is the reduction in card fraud resulting from counterfeit, lost and stolen cards.” EMV technology is unique because it supports and requires enhanced identity verification methods.

THE MOBILE PAYMENTS BOOM

The future of payments is likely to be mobile: More and more consumers are adopting mobile devices as a safe, secure way to pay for goods. According to Gartner Inc., there were 212 million users of mobile payments globally, a 32% increase over the previous year. The Federal Reserve found that 28% of all mobile phone owners have used mobile banking in the past 12 months, up from 21% a year earlier.

Mobile payments technology can involve numerous bank and non-bank participants, including mobile wallet providers, telecommunication companies, mobile card acquirers (like Square), and prepaid service providers.  In many cases, the core of mobile payments is and will remain the infrastructure that is in place today, including the payment card networks and the financial institutions where consumers maintain their everyday checking accounts from which funds are typically drawn in a mobile transaction.  As banks, the networks, and new entrants continue to innovate, it will be important that the robust protections in place today —  involving the security of these transactions, the integrity of the payments system, and how best to protect consumers from fraud – remain in place.

THE ROLE OF CREDIT CARD ISSUERS

Innovation in the payment space is not useful if consumers are not protected. Card issuers are working to ensure that customers will get the same protections using their phone for a purchase as they do using a plastic card. Some important security features that are common include:

  • Zero Liability: One of the biggest security benefits of credit cards is that when an unauthorized purchase is made, the customer is not expected to cover the cost. When a transaction is made using a mobile wallet involving a traditional credit card, this same protection is guaranteed.
  • Lost Phone Protection: You may lose your phone, but if you have a mobile wallet, you are protected from unauthorized purchases being made. Most mobile wallets require a PIN to make a purchase. Once a phone is lost, you can also notify your phone carrier and have the phone shut down.
  • Built in Technology: Near Field Communication (NFC) enabled devices have SIM cards that store a consumer’s payment information. Payments applications used by mobile devices are subject to certified security standards agreed on by the payments industry and meet the same standard of security as chip and pin.

MOBILE PAYMENTS AND REGULATION

Over the past year, Congress has held hearings to discuss mobile payments technology and security. Last year, the House Financial Services Committee held a hearing on March, 22 titled “The Future of Money: How Mobile Payments Could Change Financial Services.” The hearing provided valuable testimony demonstrating why this technology is designed to protect customers. Click the names below to access testimony by experts who have testified on mobile payments security.


The payment card number for a credit or debit card identifies the issuer and the particular cardholder account.

The expiration date is there to ensure a card is replaced before it experiences wear and tear. From a security standpoint, the expiration date is used by merchants and issuers to validate that a card is an active account and valid. This helps protect customers because it is one more piece of information a cyber criminal would need in order to successfully steal information.

Each credit card processes a transaction over a payment network, such as Visa, MasterCard, American Express or Discover. These networks ensure that the information is securely transferred from the merchant to the card issuing bank so that the purchase can be made.

Major credit card issuers have voluntarily adopted zero liability policies to product consumers. Zero liability policies go beyond the requirements of federal law, which limit individuals’ out-of-pocket expenses to $50 if a credit card is lost or stolen and then used fraudulently. As the name implies, zero liability policies mean that consumers pay nothing if their cards or account information are stolen and used fraudulently.

The magnetic stripe on most cards has long played an important role maintaining data security. In the magnetic stripe is encoded data allows a transaction to go through once it is swiped. After a customer makes a purchase, merchants cannot keep full data from the strip. By purging this data from the system, it ensures unauthorized purchases are not made.

When you make a purchase with your credit card, you are often required to sign a receipt for the merchant. This lets the merchant know you are the owner of the card being used.

In addition to the account number, every card has a three or four digit number known as the card validation code. This code reveals to the payment network if there has been any altering or counterfeiting.


Keeping Customers and Merchants Safe

Cyber security is an important national security issue that cannot be ignored. Online fraud and cyber security represent real threats that continue to grab front page headlines week after week. Fortunately, the major credit card networks and issuers have been ahead of the cyber threat curve for the last decade.

In 2004, the major payment networks and credit card companies joined in a cooperative initiative called the Payments Card Industry (PCI) Security Standards Council to increase security and protect against fraud. The function of the PCI Council is to set industry-wide standards designed to confront potential threats to security. These standards guide merchants, financial institutions, hardware and software designers and service professionals to adopt best practices that ensure information stays safe.

Of course, the industry isn’t alone in making the protection of customer data and information a top priority. The day after his State of the Union address in January, President Obama issued an executive order calling for the National Institute of Standards and Technology (NIST) to develop a new cybersecurity framework to reduce cyber risks to critical infrastructure, including the financial system. In response to the Executive Order, NIST has issued a Request for Information to get all the facts needed to build a framework that NIST says will “enable innovation by providing guidance that is technology neutral and recognizes the different needs and challenges within and among critical infrastructure sectors.” Comments to NIST are due by April 29, 2013 and can be submitted electronically to cyberincentives@ntia.doc.gov. You can read the full NIST press release here.

The White House has also started an initiative to collaboratively engage the private sector, advocacy groups, and public sector agencies called the National Strategy for Trusted Identities in Cyberspace (NSTIC). According to their website, the Strategy calls for the “development of interoperable technology standards and policies — an ‘Identity Ecosystem’ — where individuals, organizations, and underlying infrastructure — such as routers and servers — can be authoritatively authenticated.”

You can read more about NSTIC by clicking here

View Other Recent Issues

Sort By
  • January 2013
    2013 Outlook
    • Want to know what the future holds for the payments industry? We have the inside line of what to expect in 2013 and beyond.

  • July 2014
    Banking on Secure Data
    • Credit card companies make sure your data is protected.

  • November 2013
    Changes in the Credit Card Marketplace
    • There have been important changes in the credit card marketplace recently. Find out more here.

  • November 2012
    Committed to Satisfaction
    • Satisfaction with cards is up, but don’t take our word for it. JD Power and the CFPB weigh in.

  • January 2015
    Credit Scores & Reports
    • Credit reports and scores are useful tools for consumers and lenders. Learn more about the importance of accurate information here.

  • June 2013
    Fueling the Economy
    • Credit cards bring in more sales and create efficiencies for businesses. See how credit cards make the economy hum.

  • December 2014
    Future Payments
    • Credit Card Companies are innovating convenient and secure ways to pay.

  • March 2013
    Journey of the Payment Process
    • Want to know what happens when you make credit card purchase? We bring you the journey of the payment process.

  • March 2014
    Prepaid Primer
    • Prepaid cards are a convenient financial tool growing in popularity. Learn how they work.

  • December 2012
    Reaping the Rewards
    • Research shows rewards cards aren’t just for the rich. Get tips so you can reap the rewards.

  • April 2013
    Security + Safety
    • Issuers have invested billions to ensure customer data is secure. See what steps they’re taking to protect you.

  • February 2013
    Super Bowl Showcase
    • Like Super Bowl ads? We have them! Plus, we feature Visa’s Financial Football program and other financial literacy programs.