According to the CEO of Visa during a recent earnings call, only about 17% of the company’s transactions use the more secure system. The terminals themselves are out there but not activated at some retailers, and others haven’t installed them at all. Why is that?
The liability shift, when credit card fraud became the responsibility of retailers instead of banks if they didn’t have their chip card systems running, already happened on October 1, 2015. If a customer’s bank hasn’t issued them a chip card yet, then the bank is liable for the cost of any fraud that happens.
Security reporter Brian Krebs, the person who usually breaks any stories about large credit card breaches, ATM skimmers, and other terrifying bits of real-life cybersecurity, wondered about this, since it’s now four and a half months past the liability shift deadline, and local merchants were still asking him to swipe payment cards. Even on payment terminals that had chip readers.
Lots of smaller businesses don’t even have terminals installed to accept chip card payments, though. Why wouldn’t they want to? Payments consultant Allen Weinberg speculates that it’s because small, local businesses:
- don’t think they’re at significant risk of fraud
- weren’t aware that the shift to chip cards was coming, or simply weren’t ready to upgrade their equipment
- don’t want to be the ones responsible for teaching everyone in their community how to use the new cards, or don’t want to force their front-line staff to.
Those are all plausible enough reasons. Yet Weinberg pointed out to Krebs that for most merchants, it will take only one really bad instance of fraud or malicious chargeback for them to “get religion,” as he says, and upgrade their terminals. Then we’ll all be able to use our cards with computer chips in them and join the rest of the world in the 21st century.
The Great EMV Fake-Out: No Chip For You! [Krebs on Security]
by Laura Northrup via Consumerist
No comments:
Post a Comment