You’re about to get a new credit card … and it’s an epic failure
NEW YORK (CNNMoney) — A huge, $33 billion upgrade is coming to the American credit card system this year. But it looks like a dud.
Today’s magnetic stripe cards will be replaced by fraud-proof smart cards with computer chips. You’ll dip them into new card reading machines (no more swiping).
But there’s a bumpy road ahead — for everybody.
Banks are spending $8 billion or more to issue new cards, but they’re falling behind. Merchants don’t want to spend the $25 billion-plus it will cost to upgrade to new machines. And in the end, consumers won’t be much better off anyway.
Where’s my new card? Chip cards are supposed to be here already, but banks are falling way behind.
Only 23% of debit and credit cards will be replaced by the end of 2015, according to Javelin Strategy & Research estimates.
JPMorgan Chase says it’s ahead of the curve. So far, it has replaced 34% of its 50 million cards. It plans to reach 90% by the end of the year.
But that seems to be an outlier. Bank of America expects only that “the majority” of cards will be chip-enabled this year. And several of the nation’s top banks told CNNMoney they plan to replace cards upon expiration.
That means many cards won’t be upgraded until 2016 or 2017.
If I get a new card, when and where can I use it? It’s not totally clear yet.
All U.S. stores are required to have new machines by October. There’s incentive for shop-owners: card companies will start holding shops liable for credit card fraud if they don’t upgrade their card readers. (Today, if a fraudster uses a stolen credit card at a store, the bank usually pays for the fraud).
But some store owners don’t even think it’s worth the expense. Each new machine costs about $250, and installation might cost twice that. American Express is offering each small business $100 towards the upgrade, but that only goes so far.
A tiny shop might spend $2,000. A medium-sized shop could easily lay down $25,000 to upgrade. That’s the cost of nearly two full-time employees working minimum wage — a killer for a small business.
The cost is monumental at big retailers. Target is spending $100 million to swap out machines and issue its own chip-based cards.
So it’s unknown how many retailers will comply with the new rules. The National Retail Federation says its merchants are spending a lot of money essentially to reduce the cost of fraud for banks.
Is the new credit card system safer? Not really.
It’ll be harder for thieves to create fake physical copies of your card, like they do today. But they can still just type in the stolen credit card number online.
Most disappointing about the new system is that instead of pairing each card with a unique PIN (like the rest of the world), Americans will keep using their signature at checkout. The United States is way behind everyone else on chip-and-PIN: Europe did this in 2005; Africa did it in 2006. A PIN is safer, because only you know the code.
That’s why critics say chip-and-signature is a half measure. Anyone can sign for you. Stores never check their authenticity (because signatures are just for record keeping).
Cybercriminals can still break into a store’s computer system, scrape the memory of payment terminals and steal credit card data. The massive hacks — like those at Target, Home Depot, Albertson’s — will keep happening.
So why are we doing this again? Banks say this year’s change is a big step forward in fraud prevention. Retailers think this is a ploy by banks to slam them with higher costs.
Shops pay larger fees whenever a customer signs for a transaction, and smaller fees when using a PIN (that’s why small shops always want you to pay with your debit card). A chip-and-PIN system would make it all cheaper.
Most banks told CNNMoney they won’t be ready for chip-and-PIN by October, because there wasn’t enough time to make the necessary computer upgrades.
Hearing that made Mallory Duncan, the nation’s top retail lobbyist in Washington, nearly blow his top.
“They made the deadlines!” he said. “Banks got PINs all over Europe, all over Canada. They’d rather have fraud-prone signature, because it potentially makes them more money than a secure PIN.”
The best fraud-prevention solution is to step away from static card numbers (that can be stolen) and replace them with one-time-use “tokens” that change every time you shop, like Apple Pay and Samsung Pay.
Banks recognize this. So if this big upgrade to chip cards seems half-hearted, it’s with reason: Banks want to kill your plastic card soon anyway.
“What we want to do is get rid of static numbers all together. Those are the things that make us vulnerable,” said Doug Johnson of the American Bankers Association.
By Jose Pagliery