Not surprisingly, the banks view the chip-and-signature decision somewhat differently—and are much quicker to criticize the merchants for not providing the necessary technology. “We wanted to really ensure that the smooth transition to chip happened first,” said Dina DeMerell, a director at JP Morgan Chase, of the bank’s decision not to provide its credit-card customers with PINs. “All the merchants are rolling out the capabilities at different times and not in exactly the same way and so we couldn’t guarantee that the experience if we added a PIN would be positive. Will we ever move to PIN in the future? That’s still an outstanding issue.”
Payment processors, meanwhile, have deliberately not chosen a side, which has led them to come up with some creative workarounds that don’t rely on microchips at all. Stephanie Ericksen, the vice president for global-risk products at Visa, pointed to the value of data analytics and geolocation tools in mitigating fraud. “Users could opt in to have their mobile-phone location associated with their account,” she explained. “If your phone is in New York and your card is being used in New York then we’d have much greater confidence that was a valid transaction than if your phone was in London and your card was being used in New York.” Additionally, tokenization—a process by which an online merchant generates a one-time code for an online transaction, similar to the way a microchip generates a one-time code for an in-person transaction—could help protect against card-not-present fraud.
So will the U.S.’s credit-card security ever match the rest of the world’s? “Will we eventually go to chip and PIN? I would believe so, I would hope so,” said Michael Moeser, the director of payments at Javelin Strategies. But what he sees now isn’t encouraging: The U.S. still has a ways to go before it’s ready to accept chips, with or without PINs. “Every time I go into a grocery store or a large chain I see the EMV terminal slot—and it’s been taped over,” he says.
For the time being, then, the credit-card industry will maintain a lousy equilibrium—one that permits the persistence of rampant fraud. “I would love to see fraud go down, but unfortunately, I don’t think that’s going to happen,” King says. “I do think it’s going to shift—experience has shown us that the criminals go to the next lowest-hanging fruit, which is the card-not-present space. When you’re buying goods over the Internet, all you need is the person’s name and the expiry date of the card.”
Just as other countries have seen shifts to online fraud and cross-border fraud in the wake of these transitions, the United States can expect to see its fraud migrate online and elsewhere. Catherine Murchie, the senior vice president at MasterCard, said that as it becomes more difficult for criminals to counterfeit cards, due to EMV technology, there has also been a rise in the number of criminals who apply for new cards under stolen identities, instead of trying to counterfeit existing accounts. So, even if retailers, banks, and processors managed to greatly reduce the amount of fraud in their systems, criminals would likely just find another system to exploit. But at least then it would be someone else’s problem.