Skip to Main Content
PCBB Banc Investment Daily November 18, 2014
Banc Investment Daily
November 18, 2014

Het Spijt Me, Desole, Eintschuldigung, Sorry

I am sorry. This phrase should be learned in the language of any country one intends to visit before going abroad, as it is one of the most important things to express in a tight spot. It is necessary for apologizing after stepping on someone's toe, spilling their drink or when explaining a traffic mistake to a policeman. Lately, American travelers are hearing this phrase in businesses large and small from friendly cashiers across Europe, along with an explanation that their credit or debit card with a magnetic strip cannot be accepted. This is also likely to occur in Canada and much of Asia and South America. Over the years, acceptance of magnetic strip cards has declined and now they are often not usable abroad except in ATM machines.
Most of the rest of the world uses EMV chip cards which boost security with an embedded microchip. That chip transfers information using unique encoded information that is different for each transaction. If the data is intercepted from a merchant by a thief, it's like getting their hands on an expired password.
Here in the US, the target for implementation of cards and terminals using chips is Oct 1, 2015. Delays occurred over the years, as merchants and banks discussed the expense and assessed whether the expense was worth the effort. Given recent breaches of millions of records, this discussion is now moot. The primary motivation for banks and merchants to hit the target date is that at that point, there will be a liability shift. This is to say that the expense of fraudulent transactions will then fall upon the non-compliant party, most often the merchant so security will be paramount and of high interest to all.
Given that the rest of the world uses a chip and PIN system, we think it is about time the US caught up. Then, when a customer makes a purchase, the cardholder inserts the chip card into a reader and types in a PIN to verify identity. The benefit is that in the case of a stolen card, the PIN can be remotely and immediately changed rendering the card useless.
There has been some debate among US card issuers whether to go with a chip and signature system rather than chip and PIN. With a chip and signature card, only a signature is required for verification. This is what we are used to in the US, but a stolen card can easily be used with a forged signature. The signature system may be less secure, but it is sufficient to meet the terms of the liability shift, according to a VISA spokesman and global digital security outfit Gemalto, so we will see what happens.
As things stand now, most US card companies now issuing chip cards are using the chip and signature system, with the entry of a PIN causing the transaction to be treated as a cash credit withdrawal. However, given more data leaks, there is a stronger shift towards PIN cards. In fact, Chase has announced they will take the PIN route, as has Target.
Either PIN or signature with a chip will represent a big step forward for the security of US credit cards. As community banks work with their card providers to make this shift, we recognize that expense is important. That said, given the hassle and the reputational risk involved in a large card fraud, taking the signature route rather than the PIN seems like a shortsighted fix given the sophistication of today's thieves. In the meantime, if an overseas vacation is in your plans, be sure to get a good guide book and a map, and be sure to take a card with a chip as otherwise your payment options may be limited.