"I think the U.S. is targeted because there's more and wealthier people on the Internet and we're more active in e-commerce," Avivah Litan - Distinguished Analyst at Gartner Research - Quoted in Washington Times
Editor's Food for Thought: If the U.S. did bite the bullet and decide to spend $8 Billion Dollars to switch over to Chip and PIN it is NOT going to reduce eCommerce Fraud one iota
At least not until we start swiping the card itself. (Replacing the Card Not Present Environment with a Card Present one.) As long as there is a Card Not Present" environment, there will be fraud, because fraud, like water, finds the path of least resistance. The path we are on (typing vs. swiping) makes it easy for the bad guys to steal our personal data and wreak havoc. Wake up and smell the coffee!
Until we start "swiping our cards" it would make NO DIFFERENCE WHATSOEVER, in terms of eCommerce Fraud, whether the cards that banks issue are Contactless, Chip and PIN, Magnetic Stripe...or anything else.
What difference does it make whether there is an integrated circuit built into the card if we don't swipe the card? It wouldn't matter if a card had the users DNA embedded onto the card if the card is not read. Until consumers stop entering their credit/debit card number by typing it into a box on a website, there will be fraud. Where am I wrong here? Hint: Nowhere!
Anyway, I thought it important to make the distinction prior to you reading the Washington Times article below. In regards to the "brick and mortar" space, I agree that switching over to Chip and PIN would greatly reduce fraud created by cloning magnetic stripe cards, but, again, until we start swiping and stop typing, it won't matter if the card is Smart, Dumb, a Kindergartner or Einstein.
There is the only one "Smart vs. Dumb" argument when it comes to transacting on the web. What's dumb is typing/entering our card information into a browser environment. What's Smart is swiping the card in order to instantaneously "encrypt" the card information keeping it from the bad guys. (in fact, it's such a simple concept, I got a Kinder-Gartner to draw it up for you...she's right!)
By the way, HomeATM's PCI 2.x certified personal point of sale terminal would not only enable consumers to swipe their magnetic stripe card, but we also have an EMV version which would enable consumers to swipe smart cards.
So let's not confuse eCommerce transactions with brick and mortar. In the brick and mortar world the card is swiped. Until we convert the "card not present" methodology currently relied on for Internet Financial Transactions, into a "card present" environment, by providing consumers with a personal card reader and PIN Entry Device, the point is moot.
Here's the Washington Times Story: (excerpts only)
The industry is tight-lipped on fraud losses, although they are known to be in the billions each year.
"They don't ever reveal the exact numbers, so we don't know," said Ms. Litan. "All we know is there are a lot of breaches and there's a lot of money being spent on security in the wrong places." The "chip and PIN" system used for payment cards in much of the world greatly reduces the risk from cyberthieves. (Editor's Note: Again, it would NOT reduce "card not present" fraud until we stop typing)
Although this smart-card system isn't foolproof, in most cases a thief would need to physically possess your card in order to withdraw cash or make an unauthorized charge. With magnetic-stripe technology, hackers can reprogram a dummy card with your account information. (Editor's Note: A cyberthief would NOT need to physically possess your card until the card industry mandates a "card present" environment for the web...i.e. "Swipe...Don't Type!)
A microchip embedded in each smart card contains the user's account information, and some transactions also require a PIN number. The "chip and PIN" system is used in Europe, Mexico and elsewhere, Ms. Litan said. It will be rolled out in Canada next month. Everyone along the electronic-payments food chain agrees that more security is needed, from the banks that issue the cards to the retailers that accept them to the payment processors whose networks transmit essential information.
It's just that retailers think the banks should pay more and that banks think the retailers and payment processors should pay more.
Every consumer would need new cards — by some estimates, Americans hold more than a billion of them. Even more daunting, every card-swipe machine in the country would need to be replaced. Nagraj Seshadri, senior product marketing manager at security company Sophos, said it cost $1.6 billion to roll out "chip and PIN" in Britain. Since the U.S. poulation of 300 million is five times greater, it could cost $8 billion to do the same here, he said.
Yet the value of purchases made in the United States with Visa Inc.'s debit and credit cards alone exceeded $1.6 trillion last year. And this country is a big bull's-eye for hackers around the world.
Editor's Food for Thought: If the U.S. did bite the bullet and decide to spend $8 Billion Dollars to switch over to Chip and PIN it is NOT going to reduce eCommerce Fraud one iota
At least not until we start swiping the card itself. (Replacing the Card Not Present Environment with a Card Present one.) As long as there is a Card Not Present" environment, there will be fraud, because fraud, like water, finds the path of least resistance. The path we are on (typing vs. swiping) makes it easy for the bad guys to steal our personal data and wreak havoc. Wake up and smell the coffee!
Until we start "swiping our cards" it would make NO DIFFERENCE WHATSOEVER, in terms of eCommerce Fraud, whether the cards that banks issue are Contactless, Chip and PIN, Magnetic Stripe...or anything else.
What difference does it make whether there is an integrated circuit built into the card if we don't swipe the card? It wouldn't matter if a card had the users DNA embedded onto the card if the card is not read. Until consumers stop entering their credit/debit card number by typing it into a box on a website, there will be fraud. Where am I wrong here? Hint: Nowhere!
Anyway, I thought it important to make the distinction prior to you reading the Washington Times article below. In regards to the "brick and mortar" space, I agree that switching over to Chip and PIN would greatly reduce fraud created by cloning magnetic stripe cards, but, again, until we start swiping and stop typing, it won't matter if the card is Smart, Dumb, a Kindergartner or Einstein.
There is the only one "Smart vs. Dumb" argument when it comes to transacting on the web. What's dumb is typing/entering our card information into a browser environment. What's Smart is swiping the card in order to instantaneously "encrypt" the card information keeping it from the bad guys. (in fact, it's such a simple concept, I got a Kinder-Gartner to draw it up for you...she's right!)
By the way, HomeATM's PCI 2.x certified personal point of sale terminal would not only enable consumers to swipe their magnetic stripe card, but we also have an EMV version which would enable consumers to swipe smart cards.
So let's not confuse eCommerce transactions with brick and mortar. In the brick and mortar world the card is swiped. Until we convert the "card not present" methodology currently relied on for Internet Financial Transactions, into a "card present" environment, by providing consumers with a personal card reader and PIN Entry Device, the point is moot.
Here's the Washington Times Story: (excerpts only)
Keeping credit cards secure
By William Ehart
Next-generation security for debit and credit cards is on hold in the United States as banks and retailers argue over who should pay for a new system. Americans continue to use plastic for more and more transactions, at checkout counters, over the phone and on the Internet, despite increasingly frequent security breaches.
But the banking industry's losses have not been large enough to spur a consensus on financing the estimated $8 billion cost of moving beyond the aging magnetic-stripe technology now in use, analysts and consumer advocates say. "Up until now, it hasn't been that necessary, but in the last few years, hundreds of millions of cards have been compromised," said Avivah Litan, a Gartner Research analyst.
"The question is, how much more fraud do the banks want to tolerate?"
"The old formula that a lot of them are still using is, 'What is the cost of fraud or loss versus the cost of putting in a new system,' and it's the wrong formula."You have to consider what is your fraud loss, what is the cost of losing your customers, the decline of your stock price, what's the cost of your fraud resolution units and the loss of your reputation? - Linda Foley - Founder of Identity Theft Resource Center in San Diego
The industry is tight-lipped on fraud losses, although they are known to be in the billions each year.
"They don't ever reveal the exact numbers, so we don't know," said Ms. Litan. "All we know is there are a lot of breaches and there's a lot of money being spent on security in the wrong places." The "chip and PIN" system used for payment cards in much of the world greatly reduces the risk from cyberthieves. (Editor's Note: Again, it would NOT reduce "card not present" fraud until we stop typing)
Although this smart-card system isn't foolproof, in most cases a thief would need to physically possess your card in order to withdraw cash or make an unauthorized charge. With magnetic-stripe technology, hackers can reprogram a dummy card with your account information. (Editor's Note: A cyberthief would NOT need to physically possess your card until the card industry mandates a "card present" environment for the web...i.e. "Swipe...Don't Type!)
A microchip embedded in each smart card contains the user's account information, and some transactions also require a PIN number. The "chip and PIN" system is used in Europe, Mexico and elsewhere, Ms. Litan said. It will be rolled out in Canada next month. Everyone along the electronic-payments food chain agrees that more security is needed, from the banks that issue the cards to the retailers that accept them to the payment processors whose networks transmit essential information.
It's just that retailers think the banks should pay more and that banks think the retailers and payment processors should pay more.
Every consumer would need new cards — by some estimates, Americans hold more than a billion of them. Even more daunting, every card-swipe machine in the country would need to be replaced. Nagraj Seshadri, senior product marketing manager at security company Sophos, said it cost $1.6 billion to roll out "chip and PIN" in Britain. Since the U.S. poulation of 300 million is five times greater, it could cost $8 billion to do the same here, he said.
Yet the value of purchases made in the United States with Visa Inc.'s debit and credit cards alone exceeded $1.6 trillion last year. And this country is a big bull's-eye for hackers around the world.