The Problem With Those Annoying Chip Cards
The news that Walmart is suing Visa to allow consumers to punch in a personal identification number when they use their chip-enabled debit cards has renewed public interest in what those chips are doing in their credit and debit cards anyway.
First, understand that the battle between two of America's largest companies is a touch esoteric for the average consumer. Walmart is pushing for shoppers to be able to use so-called "chip-and-PIN" verification for debit cards, which requires them to punch in a personal identification code to verify purchases. Visa, on the other hand, contends that signing for chip-card purchases is sufficiently secure to reduce in-person fraud, the problem that these embedded computer chips are trying to solve in the first place.
While this is ostensibly a battle over how best to protect your financial information, Walmart and Visa are fighting over money, too. The Wall Street Journal reports that "Walmart pays Visa about five cents more per signature transaction than it does for those that use a PIN," according to a person familiar with the rates.
Security experts generally agree that requiring shoppers to enter a PIN with their chip-enabled card is more secure than a simple signature. Banks, of course, don't want to introduce anything into the purchasing process that might stop you from using your card and worry that remembering a PIN might be too onerous for consumers.
In either case, shoppers and merchants alike have had a rocky time adjusting to the implementation of chip cards and the special terminals needed to read them. The new cards require dipping rather than swiping, and that dipping takes any number of seconds longer—as much as 20 seconds longer, some merchants have reported. Stores have not rushed to buy and install these terminals, fearing an interruption of spending, especially during last year's holiday season. MasterCard, which along with Visa and Europay created the so-called EMV standard, acknowledges that merchants haven't gotten on board as quickly as they expected.
There are other issues with these cards too. One consequence of making in-person fraud more difficult is that hackers have been moving to online fraud. That wasn't unexpected by payment processors—when the U.K. transitioned to EMV cards in the mid-2000s, online and phone-related fraud jumped nearly 200%, while in-person fraud declined—so in the future you'll likely see an increase in two-factor authentication, perhaps even involving biometrics like fingerprints, to whack that mole. That could add even more delays at the terminal.
At this point you may be wondering—what was wrong with the old system? Why can't I just avoid the longer wait and swipe my card like I used to?
It's easy to understand why consumers don't want to change behavior, because ultimately we're not on the hook for fraud. If someone steals your credit-card information, you don't bear the cost; banks and merchants do. So the parties that have to pay for theft want to reduce theft, even if in the short term it means introducing technology that may make consumers grumble.
There is one upside. Perhaps the palpable frustration over EMV will hasten the adoption of faster and more secure mobile payments, most of which will work with the new chip-reader terminals. But until that happens, consumers have no choice but to countenance the extra wait as best as they can.