By Debra Berlyn
November 21, 2016 at 5:00 am ET
The holiday season is just about upon us and consumers across the country are preparing to spend an estimated $1 trillion in the next three months on gifts for family and friends. This uptick in sales represents about a 4 percent overall increase from last year and is largely driven by the growth of online sales, projected to increase 18 percent to just shy of $100 billion this year.
This could be the first year retail sales reach the 13-figure mark and also the first year that the majority of shoppers will complete their purchases using new chip-enabled EMV (EuroPay, MasterCard, Visa) cards the U.S. transitioned to last year.
The new cards promised to finally bring U.S. credit card security into the 21st century by retiring old magnetic stripe technology from the 1960s and replacing it with microchip technology. While the move to chip cards was a big improvement from the cards they replaced, they have fallen well short of their promise to bring card security into the 21st century. This is primarily because card issuers and banks didn’t make improvements that mirrored the standard for EMV cards many other countries adopted years ago.
In the U.S., major card issuers such as Visa and MasterCard, have introduced what are referred to as chip-and-signature cards. These cards use microchips to uniquely code each purchase, but then unfortunately only rely on a signature as a second form of authentication. The rest of the developed world – Canada, Australia and the United Kingdom, for example – adopted chip and PIN cards. These PIN-enabled cards generate a unique code for each purchase as well, but instead of relying on an illegible scribble of a signature as a second layer of security, the cards rely on a personal numeric code only known by the card owner.
Relying on a signature as a second form of authentication is a fatal flaw that causes the current crop of chip cards to be useful only in addressing counterfeit card fraud, which accounts for around a third of credit card fraud. On the other hand, the chip and PIN cards could address almost all forms of fraud – counterfeit card fraud, lost/stolen card fraud — and also have the ability to be used to better safeguard online purchases.
The ability of chip and PIN to address multiple forms of fraud cannot be overstated, particularly their application to online purchases. According to Aite Group, online fraud, also called card-not-present fraud, will rise to $4 billion this year, up from $3.2 billion in 2015. FTI Consulting is projecting online purchases will nearly double its market share in the next decade, reaching $440 billion by next year.
The rise in online sales has created a lucrative and relatively low risk market for fraudsters. This fraud has already started to significantly cut into online retailers’ profits, resulting in 7.5 percent of online merchants’ annual revenue being eaten up by costs associated with fraud.
It’s clear that the insufficient actions card issuers are taking in the U.S. are not working. While they may have put a dent in counterfeit card fraud figures with chip-and-signature cards, all they have really done is shift fraudsters’ focus to other forms of fraud in the card-not-present space. This is clearly illustrated by the fact that the U.S still ranks high among other countries in global fraud charts a full year after chip-and-signature cards were issued in earnest.
The bottom line is the half-measure approach of equipping these new cards with only chip and signature, instead of the clearly more secure and readily available chip and PIN, is not the solution to America’s fraud problem this holiday season. And as we feared, this problem will persist for the foreseeable future if credit card issuers and banks don’t change their ways and offer the stronger protection chip-and-PIN offers consumers.
Debra Berlyn is president of Consumer Policy Solutions and leader of Protect My Data.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Submission guidelines can be found here.