EMV compliant cards will be issued by next year. The intent is to provide better protection of the data on the cards through more robust encryption. This is a great step but some weaknesses still exist. Credit cards will still have magnetic strips with data in relatively the same manner as today. For the individual card, this means they are still relatively susceptible to theft. The “smart cards” have more effective encryption and a transaction-unique ‘signature’ which means that the large quantity of data on retailers’ systems would be better protected. This is critical in protecting the majority of consumers.
Card-Not-Present transactions are not protected by EMV standards. There are potential ways that this could be used to protect this information but we are not likely to see that any time soon. While this is still a weakness it does not mean that EMV is not a good idea. Most of the big data breaches recently have been against retailers that have transactions where the card is present.
This new protection also comes with some big changes in who assumes liability. As many of you mentioned, Community Banks assume a large share of the financial burden when a retailer loses millions of card numbers. Banks need to reissue cards, which can get costly, and cover the losses of fraudulent transactions reported by customers. With the use of EMV technology, the responsibility for fraudulent charges will shift to the company that lost the data. At this point it is unclear how banks will handle this from a customer relationship standpoint.
An interesting article was published last week in The Washington Post (link to the right) by Sarah Halzack noting that while Target and Home Depot were hit by hackers in their most vulnerable times of year, consumers tend to return. Home Depot has said they expect a 4.8% sales growth over last year for 2014 and September sales remain in line with its previous expectations. Target says that the impact of this attack has cost them $146 million to date but said that the “vast majority” of shoppers who came to the store before the breach have since returned.
Not only have consumers become complacent with these breaches it seems that Wall Street has too. Home Depot stock price is up nearly 4 1/2% over this time last year. While Target hasn’t fared quite as well, they are within pennies of where their stock price was a year ago. Target’s revenues and net income have been down since the breach but continue to show improvement.
American consumers have been comfortable with the current regulations because they are not liable for fraudulent transactions on their credit card. EMV does not change this but we must become more aware of the impact to our economy as a whole. Someone is paying for these loses and like most non-value added costs, it is coming back to us through higher costs of products and services. I believe retailers will quickly embrace EMV to protect their liability and protect their customers. New technology such as Apple Pay will also have an impact on protection of our credit card information in much the same way as EMV.
With better protection of data and more consumer awareness, we can win the battle but expect changes in how we transact business and new technologies. Consumers must embrace the latest technology to protect their credit card data because the hackers are embracing the latest technology to steal it.