Follow-up: Why Are We Adopting the Stupidest Possible Payment System in the US?
Yesterday I wondered aloud why it was taking so long for chip-and-PIN credit cards to come to America, and why, now that they're finally here, we're getting lame chip-and-signature cards instead.
First things first. There's actually not a lot of mystery about why it's taken so long, something I've written about before. Roughly speaking, the answer is that fraud detection in the US improved dramatically in the 90s, and that reduced the motivation to make the switch. Conversely, fraud detection in Europe was more primitive, so it made a lot of financial sense to transition to chip-and-PIN. Most of the transition costs were paid for by reduced fraud.
So that explains that. But now that we're finally making the switch, why are we moving toward chip-and-signature? The whole point of smart cards is that the chip makes them hard to counterfeit and the PIN makes them hard for thieves to use. Chip-and-signature cards are still hard to counterfeit, but they can be used by thieves just as easily as current mag stripe cards. Plus they aren't universally compatible in the rest of the world.
The answer, apparently, is that banks don't want to do it:
The changeover in this country will be costly—as much as $35 billion, by some estimates.... According to the National Retail Federation, merchants are willing to spend that money if the banks issue the right kind of smart cards. Retailers want what are called chip-and-PIN cards, which require that a PIN be entered for each transaction.
....At a news conference Tuesday, Mallory Duncan, the federation's senior vice president and general counsel, called chip-and-signature cards a bad idea. "It's like locking the front door and leaving the back door open," he said. "It would be a shame to spend all that money for a half-baked solution."
The American Bankers Association said the marketplace should be able to accommodate both chip-and-signature and chip-and-PIN smart cards. "It's the only way for this complex payments system to continue to deliver convenience and meet the needs of consumers," said Jeff Sigmund, the association's senior director of public relations.
Well, sure, the marketplace can accommodate both, but banks are apparently planning to issue signature-only cards, not cards that can be used both ways. Why?
"Merchants see the PIN as a more secure option, but it doesn't make a lot of sense to the banks because it really doesn't do anything," said Alphonse Pascual, a senior analyst for security, risk and fraud at Javelin Strategy & Research. "It would be like putting a new deadbolt on your front door and then putting gum in the lock. It's the lock that's protecting you, not the gum."
This makes no sense. A PIN foils thieves. What's really going on here is that it's merchants who mostly pay the costs of fraud these days, so banks don't care much about it. Apparently, this means they just don't want to deal with the hassle of PIN cards:
There's also the concern that Americans, who tend to have a variety of credit cards, would have a tough time managing multiple PINS.
"If the consumer doesn't want to memorize all those numbers, they might choose the same PIN for each card," said Randy Vanderhoof, executive director of the nonprofit Smart Card Alliance. "Using one PIN to protect 10 different cards in your wallet now exposes you to the potential for increased fraud."
PIN technology could pose a challenge to credit card issuers, which must deal with users who can't remember their PIN or need to change it. That was a problem when Canada switched to chip-and-PIN credit cards, but people eventually got accustomed to it.
This is a combination of insulting and crazy. Americans are already accustomed to using PINs, and would have no more trouble managing multiple PINs than Danes and Italians do. And while using one PIN for ten cards might not exactly be best practice, it's certainly better than no PIN at all. How could it possibly increase fraud? Signature cards can be used with nothing more than a scrawl.
And then we get to the last paragraph. If cards have PINs, banks and card issuers will have to spend a bit of money helping people change their PINs.
And that seems to be what we're left with. Merchants are willing to make the switch. Consumers would get used to the switch pretty quickly. But card issuers don't want to bother because it might increase their customer support costs a bit during the transition.
Once again, the American financial industry is proving that there's nothing they can't screw up. For the last two decades they've been just about the least consumer-enhancing industry in the country, and they're continuing their value-destroying ways in the transition to smart cards. I guess we shouldn't really be surprised.
Bottom line: This really begs for regulation from the Fed or Congress. With all the public outrage over recent data breaches, you'd think this would be a relatively bipartisan kind of issue. I understand that it involves regulation, and Republicans have a knee-jerk opposition to regulation of any kind, but honestly, this is precisely the kind of regulation Congress is made for. Do your jobs, folks.