Target Breach Spells End for Magnetic Stripe Cards in 2015

After years spent fighting pushes for more secure standards, the payment card industry and retailers are moving quickly to abandon magnetic stripe cards and embrace so-called ‘chip and pin’ technology.

Mastercard and Visa say they will begin requiring more secure 'chip and pin' credit cards in 2015.
Mastercard and Visa say they will begin requiring more secure ‘chip and pin’ credit cards in 2015.

Credit card firms MasterCard and Visa plan to have most customers on the more secure chip and pin cards by October, 2015, according to a report in the Wall Street Journal. The move comes in the wake of a massive heist of account information for tens of millions of credit card holders from the systems of U.S. retailers including Target, Neiman Marcus and Michaels Stores.

In an interview with MasterCard’s Carolyn Balfany, the Journal notes that company has set October, 2015 as the date for a “liability shift” – a change in policy that will hold the party in a fraudulent transaction liable for losses due to that transaction. The goal, said Balfany, is to try to encourage merchants and card issuers (banks) to move to the more secure chip and pin technology in concert.

 

[Check out Security Ledger’s coverage of the recent data breaches at Target and elsewhere.]

Visa said that it also will institute a liability shift in October 2015. However, the shift to more secure cards will likely start much earlier. Visa is requiring all ATMs that accept its cards to be EMV compliant by April of next year.

Accepted wisdom is that the shame of recent data breaches at Target and other retailers finally forced the hand of retailers, banks and credit card firms. However, MasterCard’s Balfany disputes that, telling the Journal that the US put off a move to EMV even after the rest of the world embraced the secure transaction technology because “fraud was more prominent” in other markets and because the “business cases for the costs had to be established.”

One way to translate statements like that is that the reputation damage to Target of this breach finally outweighed the incremental costs of requiring the more secure cards. As the Journal itself noted in an article last month, Target tried and then ditched a $40 million joint project with Visa to use chip and pin cards in its 1,000-plus stores in 2004.

“Executives in Target’s credit-card division tried to keep the program but lost out to the concerns of executives responsible for store operations and merchandising…who worried the technology slowed checkout speeds and didn’t offer enough marketing benefits” the Journal said. Among the executives who fought the move to the new, more secure cards: Target’s current CEO, Gregg Steinhafel.

Comments are closed.