The joke is on us!! During the holiday frenzy to find just the right gift for someone we as consumers are being played like a fiddle by many retailers when it comes to protecting our credit card data. Throughout this year leading up to October 1st, U.S retailers and card issuers were being put on notice that they would be responsible for fraud that compromised magnetic-stripe card transactions if they did not install updated point-of-sale equipment to accommodate chip cards.
Chip compliant credit cards have been the norm for quite some time in many European countries, but their cards must retain a magnetic-stripe so they can process global payments in those countries where chip technology is not universal or not yet available. However, my holiday shopping experience leaves me wondering just how seriously U.S. merchants are taking the threat of data compromises. Sure, we read and hear a lot of lip-service from retailers and their trade associations about their concern for protecting customer data, but are they really being honest?
In Europe when a customer inserts a credit card with an embedded chip into the card reader they must also enter a pin code to complete the transaction. The addition of a pin code has reduced credit card fraud in Europe to a fraction of what it was previously. In the U.S. retailers pushed back on the requirement of entering a pin code because they felt the entire transaction would take too long, thus creating lines at the registers, customers would become impatient and they would lose customers. The entire transaction between inserting the card and leaving the register with one’s merchandise takes about 10-15 seconds. That’s “seconds” not minutes! Who are the retailers trying to fool! It’s all about their bottom line and really nothing about properly protecting their customer’s credit card data.
In reality we as customers are being short-changed. In the U.S., not requiring a pin code in addition to the chip card means we are being protected by half measures. In other words U.S. retailers were able to buy “half the loaf” instead of the “whole loaf” to protect our credit card data properly. Speaking from personal experience over the past three weeks while shopping at many national and regional retail chains I was able to use my chip embedded credit card in only two stores. All of these stores including some of the notable giants did have point-of-sale equipment at their registers that could accommodate a chip card—BUT—the excuses as to why I still had to swipe my card instead were ridiculous….”we’re having trouble integrating the chip software with our systems”…” the chip software has not been installed yet”….”the card reader is broken and needs to be fixed”…”our phone lines are down (???)”…”we are waiting until after the holidays”. In only one location for a major sporting goods chain did the register attendant admit that although their point-of-sale equipment could accommodate a chip card the company was holding off installing the chip reading software until after the holidays because they felt it took too long to complete a sales transaction.
So what is the take away in this situation? We as consumers are too complacent and naive when it comes to protecting our data as we are with most other things that affect us economically and socially. We need to put pressure on our representatives to engage the services of the proper experts in the technology arena to address and meet this challenge head-on and develop “whole loaf” solutions to protecting customer information. We need to do away with flavor of the month sound bites we hear from retailers and our representatives that are designed to appease us and keep us complacent, but still leave us exposed.