It was good news. In July 2013, federal prosecutors in the United States brought indictments against members of a sophisticated Russian syndicate. The gang members were charged with stealing and selling more than 160 million credit card numbers from JCPenney, 7-Eleven, JetBlue, Heartland Payment Systems, Carrefour (in France) and one of the world’s largest credit and debit processing companies. The thefts could be tracked back to 2005, according to The New York Times, and had resulted in hundreds of millions of dollars in losses.
Unfortunately, the indictments were not effective and the same group is suspected of participating in the security breaches of Target, Michaels and Neiman Marcus companies just a few months later.
Adopting the Europay, MasterCard, and Visa standard: The continued and very public success of hackers and the ever-increasing cost of fraud losses, fraud management and fraud-related expenses spurred the United States credit payment industry to change the way it does business. After decades of resisting the Europay, MasterCard, and Visa (EMV) standard for credit payments, which is generally believed to be more secure than our current payment system, the industry is adopting it. It’s an action many believe is long overdue.
The good news is change is finally on its way. The bad news is it may take longer than expected. Some estimates project the majority of U.S. merchants will be EMV compliant by 2016, but many analysts believe that goal will be reached closer to 2018.
What is EMV? EMV was developed in the 1990s after a study commissioned by the European Council for Payment Systems, and conducted by Europay International, determined the most effective way to reduce credit card fraud was to eliminate magnetic stripes (mag-stripes) and embed chips in credit and debit cards.
In the United Kingdom, the introduction of EMV cards is credited with helping reduce fraud significantly. Counterfeit card fraud fell by 75 percent after peaking in 2008, and fraud losses have fallen by 75 percent since 2004.
Eighty countries around the world already have implemented or are implementing EMV technology. For instance, about 95 percent of card readers in Europe; 79 percent in Canada, Latin America and the Caribbean; 77 percent in Africa and the Middle East; and 51 percent in the Asia Pacific region are EMV compliant.
In fact, if you’ve traveled overseas recently, you may have encountered the EMV standard. It’s a source of frustration for American travelers who find their mag-stripe credit cards won’t work in train station kiosks and are not accepted by some retailers.
Ironically, even criminals prefer the EMV standard. The going rate on the black market for an American credit card number is $10. A European card number, on the other hand, will fetch about $50. According to The Washington Post, there are two reasons for this. First, American card numbers are easier to get. Second, when used in the United States, European cards are no more secure than mag-stripe cards because American retailers do not adhere to the EMV standard.
Couple this with the fact European banks are slow to process transactions on weekends and criminals can enjoy a spending spree.
An evolving industry: The good news is EMV should make card payments in the United States more secure. The bad news is payment systems are not static. As the popularity of mobile devices has grown so has the popularity of mobile banking and commerce. Some consumers already have embraced mobile applications that allow them to use smart phones or tablets to pay for goods and services.
The growth of mobile payments is expected to accelerate and change the way business is done around the world. Gartner, the world’s leading information technology research and advisory company, estimates global mobile transaction volume will grow by 35 percent on average from 2012 to 2017. The company’s forecast suggests the mobile payments market will comprise 450 million users and will be worth more than $720 billion – a number that was reduced during 2013 because of lower-than-expected growth in North America and Africa – before the end of the decade.
Protect yourself against fraud: Of course, a new payment system means new hardware and security solutions. Mobile payment security will depend on application configurations as well as security measures taken by smart phone and tablet users. If you use or plan to use your mobile device for banking or commerce, make sure you take basic safety precautions:
• Protect your mobile devices using complex passwords
• Download an app for finding a lost device and/or disabling it
• Only download apps from trustworthy sources
• Check app reviews and ratings before downloading them
• Only bank or shop over secure Internet connections (not public Internet connections)
• Make sure the web address begins with https (indicating you have a secure connection) before sending data
American consumers will have lots of choices when they want to make purchases. The bad news is it can be challenging to stay abreast of new technology and the security measures it requires.
• Mike Piershale, ChFC, is president of Piershale Financial Group. Send any financial questions you wish to have answered in this column to Piershale Financial Group, Inc., 407 Congress Parkway, Crystal Lake, IL 60014. You also may fax them to 815-455-6895 or email Mike.Piershale@PiershaleFinancial.com.