News:

Lock the door on credit card thieves

By Tim Pawlenty
The Hill | June 4th, 2015

If you knew a large group of highly trained and organized thieves was working in your neighborhood, how long would it take for you to lock your doors?

Of course, we would all do it immediately — and many of us would buy security systems and take other defensive steps as well.

A group of highly trained and organized thieves is working in our cyber neighborhood, and as we have seen over the last year, their methods are growing in sophistication, coordination and success. Yet some of the biggest targets for cyber-criminals, including certain retailers, restaurants, food stores, pharmacies and others, seem to be saying the time and effort needed to adopt a more secure payment card system is too much to ask of them right now.

As we have painfully seen with the now familiar parade of card and data theft incidents, the frequency and cost of breaches to both the merchants and financial institutions grows. It is now more urgent than ever that we work together to do everything we can to stop these incidents before consumer trust in payments is harmed.

The next step toward advancing card technology is adoption of “EMV” or “chip cards.” Chip cards rely on a computer chip embedded in a card to create a unique real-time transaction code for every purchase, making the card nearly impossible to counterfeit. This technology has been enormously successful in reducing counterfeit card fraud in over 80 countries around the world. Implementing this technology relies on both banks to issue cards with chips and retailers to install systems that can accept chip technology.

Banks and issuers are making great strides in putting chip cards in consumers’ wallets. Nearly two-thirds of all credit and debit cards from the eight largest issuers will be chip cards by the end of this year and by the end of 2017, nearly every card in America will be a chip card.

Despite the compelling case for change, a four-year notice period, and almost daily reports of massive data breaches, some companies now argue they need more time. Delaying needed improvements, as some retail groups have requested, takes steps back from extensive, collaborative forward-momentum in better securing payments. Since the payments system relies on many parts to work together, the system can be compromised by the weakest link.

Adding EMV Chip cards to the payments system removes one top area of vulnerability by stopping cybercriminal’s ability to commit counterfeit card fraud. In the UK, retailers have seen losses from counterfeit card fraud fall by 63 percent since 2004. Criminals have been forced to shift their targets to the card not present environment, making it critical that all industries think ahead and work together to uphold equally-high data security standards in that environment.

In 2011, payment networks announced plans for moving the U.S. payments system to chip cards. The plans included an October 2015 milestone for conversion to the new system or non-adopters could face a “liability shift.” In other words, banks or merchants with the more advanced technology would not be liable for some or all fraud costs.

It seems like a no-brainer. If everyone adopts this new technology, nobody will be forced to explain why they left the door open and knowingly increased the chances of their customers being fraud victims. Companies will more easily avoid dealing with the revenue loss, reputational damage, drops in stock price, lawsuits and other burdens triggered by a massive card fraud incident.

American consumers deserve to be protected with strong security measures and technologies, ensuring they remain confident in the payments system. Further delay only gives cyber criminals more opportunity to victimize both American consumers and companies. It’s time to lock the door.

Pawlenty was the governor of Minnesota from 2003 to 2011. He is currently the chief executive of the Financial Services Roundtable.