Banks, retailers speed up drive to add chips to credit, debit cards

Data breaches spur effort to boost security; end of the swipe?

The Wall Street Journal
Weak US card security made Target a juicy target
.

View photo

FILE - In this Jan. 18, 2008 file photo, a customer signs his credit card receipt at a Target store in Tallahassee, Fla. The U.S. is the juiciest target for hackers hunting credit card information. And experts say incidents like the recent data theft at Target's stores will get worse before they get better. That's in part because U.S. credit and debit cards rely on an easy-to-copy magnetic strip on the back of the card, which stores account information using the same technology as cassette tapes. The breach that exposed the credit card and debit card information of as many as 40 million Target customers who swiped their cards between Nov. 27 and Dec. 15 is still under investigation. (AP Photo/Phil Coale, File)

GLEN ALLEN, Va.— Morgan Montgomery inserted a credit card into a device, pulled it out and tried to pay for her groceries. But the transaction failed because she didn't realize the card was supposed to stay in the machine while she signed for the purchase.

"I don't like letting go of it," she said of the card. "I'm worried about leaving it behind."

Ms. Montgomery, a 30-year-old business owner from Richmond, Va., was one of 10 consumers who swiped, dipped, tapped and fiddled their way through imaginary purchases earlier this month as part of research being conducted by MasterCard Inc. into new credit cards that are coming to American wallets in an attempt to combat fraud.

The push for the new cards is taking on greater urgency following a number of high-profile data breaches in recent months that have exposed millions of consumers to potential fraud. Just last week, grocery chain Supervalu Inc. disclosed that it was investigating a breach that could affect shoppers at roughly 1,000 supermarkets.

View photo

.
Major lenders, regional banks and credit unions are rolling out the new cards, which contain a computer chip in addition to the traditional magnetic strip on the back. Merchants, too, are installing new terminals at the cash register to accept the cards.

The Supervalu incident follows a rash of other breaches, from the massive hack at Target Corp. during last year's holiday shopping season to smaller ones at restaurant chain P.F. Chang's China Bistro Inc. and Goodwill Industries International Inc. thrift stores.

In all, U.S. lenders will issue more than 575 million chip credit and debit cards by the end of 2015, representing roughly half of the one billion cards now in circulation, according to an industry-group projection.

Chip cards have been used widely in Europe, Asia and Canada for years. But they have been slow to take hold in the U.S., in part because of a "chicken-and-egg" battle between the card industry and merchants. Businesses didn't want to invest in new technology until the card companies issued the plastic to consumers, while the card companies didn't want to give them to customers until there was a place where they could be used.

Now, the breaches are making both sides eager to roll them out. Bank of America Corp., the nation' second-largest credit-card issuer after J.P. Morgan Chase & Co., and regional lender SunTrust Banks Inc. are among the institutions now putting chips on plastic sent to new customers or existing customers whose cards are expiring.

"By the time we get to holiday shopping, there will be a good base of chip cards in the market," said Carolyn Balfany, who is overseeing MasterCard's transition to chip cards.

Merchants, too, are upgrading the computer terminals at the cash register to accept the new cards. Wal-Mart Stores Inc. is using the technology at more than 4,600 of its nearly 5,000 stores in the U.S. and expects to have the rest upgraded by the end of the year, according to a company spokesman.

Each transaction made with a chip card has a unique code attached to it, reducing the chance that stolen card data can be used to make counterfeit plastic. Such cards likely wouldn't have prevented the hacking at Target, but the card data would have been useless to thieves, experts say.

U.S. credit-card-fraud losses totaled roughly $18 billion last year, according to Javelin Strategy & Research, a consulting firm that is a unit of Greenwich Associates. About a third of those losses are attributed to the counterfeit cards, according to consulting firm Aite Group.

The new cards come with changes to the basic way people are accustomed to paying for purchases. Although the cards still have a magnetic strip on the back to be used at merchants that haven't upgraded their technology, the computer chips don't work with a swipe at the register. Instead, shoppers slide the card into the bottom of the terminal and leave it there while the purchase is processed.

"It's going to take some patience and time with the merchants' staff and the customers that are making the purchases," said Mike English, executive director for product development at Heartland Payment Systems Inc. The Princeton, N.J., company, which processes transactions on behalf of merchants, is training its customers to use the new equipment.

Some of the new credit cards also may require shoppers to enter a personal identification number instead of a signature. That was one of the trickiest changes for Canadians who weren't accustomed to having a PIN for their credit cards, said Ellen Richey, vice chairman of risk and public policy at Visa Inc.

"Consumers aren't used to it, they don't remember it and they don't think they need it. Then all of a sudden, they are at the cash register and can't remember their PIN," she said.

To ease the way for U.S. consumers, the card industry will be flooding mailboxes and websites in coming months with information about how to use the new cards. Some card terminals at the cash register will prompt shoppers through the transaction process and issue a series of beeps to remind them to remove the card at the end.

MasterCard recently tested consumer reaction to the cards at focus groups in St. Louis and Towson, Md. At the focus group earlier this month, consumers were escorted into a conference room to test a number of ways to use a chip card.

Ms. Balfany and a few members of her chip-transition team watched and took notes on consumers' reaction from the other side of a two-way mirror.

After answering questions about how they typically pay for purchases, the consumers were given a chip card and led to two terminals where they were guided through a series of imaginary purchases. A few were initially uncertain about where to insert the card or how long to leave it in the device, but sailed through the process on the second or third try. Nearly all of them liked a process in which they tapped the card on the terminal's screen.

Said Jerry Greenway, 67 years old, from Richmond, Va.: "If it helps make the cards more secure, I'm all for it."

 

RELATED VIDEO:

 

More From The Wall Street Journal

Rates

View Comments (8)