In just the past two months, three of the nation’s largest retailers have filed lawsuits against the two biggest credit card companies over how consumers pay at the register. Walmart, Home Depot and Kroger have all filed suits alleging Visa and MasterCard chose to leave consumers unnecessarily vulnerable to fraud in favor of padding their own bottom-lines.
These lawsuits can, in part, be traced back to Oct. 1 of last year, when retailers became responsible for upgrading point-of-sale terminals to accept new chip cards or be liable for fraudulent purchases made using older payment technology. The “liability shift” was riddled with problems but served the credit card companies’ and banks’ interests by allowing them to offload millions in fraudulent charges onto retailers.
The lawsuits filed by the three retailers are not identical, but they all focus on card issuers’ long-held practice of relying on signatures while processing everyday consumer transactions. While the new chip cards are light years more secure than the archaic magnetic stripe cards they replaced, they still rely on an equally outdated practice of verifying the cardholder with a signature.
As Walmart stated in its lawsuit: “Signatures can be forged or copied, and cashiers may forget to check the signature on a receipt or (point-of-sale) terminal to make sure it matches the signature on the back of the card.” Furthermore, Home Depot argued, “Visa and MasterCard do not require that signatures are verified and even discourage merchants from verifying signatures, for fear that consumers will be less likely to use their payment cards.”
As those points illustrate, signatures have become a mere formality when making a purchase. And in a world where most transactions occur online, it should not even be considered a legitimate security measure.
However, despite the obvious and overwhelming shortcomings of signatures, card issuers remain dead set on keeping the practice commonplace in the U.S. because companies like Visa and MasterCard have a relative duopoly on the networks that process transactions and profit more so from the transactions that are verified by signatures.
Instead of settling for the rightly derided signatures, card issuers should have opted for a far more secure and readily available card payment technology known as chip and PIN. Chip and PIN is not new — most developed economies, such as Canada, Australia, the U.K. and Europe, all implemented chip and PIN more than a decade ago, and all saw noticeable drops in fraud after implementing the two-layered security system.
The two-step authentication process is what makes chip and PIN the best available option while other technologies like biometrics and tokenization are still in the early stages of use. By coupling a PIN with chip technology and incorporating ways for consumers to use PINs online, the cards could address multiple types of fraud including counterfeit fraud, online fraud and lost/stolen fraud, which accounts for 96 percent of fraud in the U.S. Card issuers’ decision to forgo the second layer of protection provided by a PIN will mean the new cards only address counterfeit fraud, which accounts for only about a third of card fraud in the states.
This imprudent decision is what has led to the U.S. to trail only Brazil and Mexico in credit card fraud, as almost half of all U.S. consumers have been victims in the last five years, according to a recent survey by ACI Worldwide.
That is a jarring statistic, and one that warrants action from the financial industry. It’s clear that the payment ecosystem is not working well enough to protect consumers. The time to fix this broken system is now, and there is no better place to start than finally providing Americans the basic credit card security measures that have long been proven successful across the globe.
John Celock is executive director of 21st Century Consumers, an advocacy organization focused on the interests of consumers using emerging technologies for goods and services.