Why Americans Are a Huge Target for Credit Card Fraud

Put yourself inside the mind of a cyber-criminal for a moment. You could try to hack businesses based in any country in the world and steal their customers’ credit card information, so where would be the best place to commit your crime? If you are smart, you will try to penetrate the most vulnerable security systems.

Unfortunately for Americans, the weakest links in the worldwide payment ecosystem are in the U.S., according to Martin Ferenczi, the North American President for Oberthur Technologies. Oberthur is one of the companies leading the development and deployment of more than 1.5 billion smart chip-enabled credit cards.

How We Got Here

Ironically, the U.S. got left behind in credit card technology in part because it was so advanced in communications technology. Data communications costs have historically been very low in the U.S., allowing merchants to affordably authenticate credit card transactions with remote servers. On the other hand, our European counterparts who were facing more expensive communications costs, developed a method of securely authenticating a credit card transaction that didn’t rely on the connection to a central database.

Ferenczi blames the entire industry for a lack of foresight on this issue. For a long time, the cost of fraud in the U.S. was low enough that it just didn’t justify the expense necessary to upgrade the system. But it turns out that it was misleading to predict future levels of fraud by examining historical trends. “The Target breach in 2013 was a serious wake-up call,” according to Ferenczi.

Since the U.S. hadn’t converted over to the newer smart chip credit card technology, hackers started focusing on stealing credit card numbers here. Once stolen, these credit card numbers can be used to create cloned cards with the old magnetic stripe technology. Meanwhile, cloning a card with a embedded smart chip is considered to be much, much harder.

How the U.S. Is Moving Forward

“The migration to chip cards has occurred over many years in Europe and China. More recently, the U.S. decided to move to chip tech, but has been hesitant,” says Ferenczi. Credit card processors and merchants are now moving fast to change over to the new system, but it won’t occur overnight; the switch requires significant work and expense, he warns. Oberthur develops an operating system incorporated in the new EMV smart chips, but it also manufactures cards which are personalized at a center where data is received and put into chip or stripe.

The entire industry is now focused on the “liability shift” that will occur in October 2015. At that time, the card issuer or merchant that doesn’t support the latest smart chip technology will have to pay for the cost of fraud (gas stations with pay at the pump terminals will have until 2017 to comply). Right now, card issuers are completely liable, whereas credit card users are protected from paying for the cost of fraud under the Fair Credit Billing Act.

The next steps are toward chip and PIN cards that require cardholders to enter a personal identification number, followed by even smarter cards that will have a dynamic CVV (the three-digit code on the back of the card). That number will change each time you use it, preventing a criminal from making a transaction over the Internet, even when they already have your credit card number.

Credit card technology in the United States is moving forward quickly, but we are really just playing catch-up with the rest of the world, as well as with the criminals.