Bart Perkins: Forget the expense -- more secure credit cards are an opportunity

Cost has kept U.S. businesses from adopting fraud-resistant credit cards, but consumer concerns about privacy could make adoption a key differentiator

We're finally ready to get serious about credit card fraud in the U.S. Is your IT department ready for the changes that are heading its way?

U.S. merchants and credit card issuers must implement the EMV credit card standards, requiring embedded chips, by October 2015, or they will be held responsible by Visa, MasterCard and other large credit card companies for the cost of any fraudulent in-person transactions.

Europe's credit cards have been more secure than those in the U.S. for years. The financial losses caused by fraud hadn't been high enough in the U.S. to spur any change, and businesses were willing to absorb the losses. But then criminals started to target the easier-to-clone U.S. cards, and U.S. credit card fraud doubled over the last 10 years. Still, while credit card fraud now costs the U.S. roughly $1.1 billion, that amount is overshadowed by the approximately $8 billion required to issue new cards and install new card readers in hotels, restaurants, stores and other credit card-reliant businesses.

In business, cost is usually the great justifier when it comes to change, but in this case it just hasn't been sufficient. Things are changing, though, because privacy concerns are providing the catalyst to migrate to higher-security cards. The revelations about National Security Agency spying were scary, and the Target breach and other high-profile data losses heightened privacy concerns. The public does not believe that businesses or the government adequately protect consumer data. The final impetus for the migration was the December 2013 Senate Commerce Committee report that revealed that private U.S. data brokers collect enormous amounts of data and can identify who suffers from diabetes and who faces financial difficulties. They even know how much time someone spends watching YouTube!

EMV credit cards are significantly more secure than the current magnetic stripe cards. Each card contains a microchip that encrypts every transaction differently, making the cards extremely difficult to clone. Even if credit card numbers are stolen from a repository, the consumer's personal information is unavailable. The most secure credit cards, known as "chip and PIN," allow the consumer to retain physical possession of the card at all times. Rather than giving the card to a clerk, who could copy critical information, the consumer is handed a portable point-of-sale reader that requires a PIN to complete the transaction.

Although banks and merchants are still debating whether to adopt a full European-style chip-and-PIN approach or a hybrid chip-and-signature approach that would be more familiar to the U.S. consumer, either would be a significant improvement over the current situation.

Any organization that accepts physical credit cards (different technology is being deployed for e-commerce) should upgrade credit card readers to the EMV specification. Businesses such as restaurants, where a server or clerk usually handles the card, will have to update procedures, retrain staff and validate their new approach with their payment processor. In addition, organizations may need to expand their wireless network to accommodate portable card readers.

Although some banks already issue EMV-compliant cards, and a few large retailers (including WalMart and Kroger) are already rolling out EMV card readers, many companies will fail to meet the specified deadline, due to the large investment required. However, savvy retailers view EMV as an element of outstanding customer service. Address your customers' privacy concerns by publicizing your higher security standards as an extraordinary effort to protect their data.

Don't view EMV compliance as another pesky regulatory mandate. Instead, approach EMV as a market differentiator to attract and retain customers who value privacy protection. Let your non-compliant competitors suffer the legal, reputational and financial liability risks. Be the first in your market sector to adopt EMV standards, and win invaluable customer loyalty.

Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners Inc., which helps organizations invest well in IT. Contact him at
