A hotel rewards program that I belong to features a credit card. The product is issued by Chase, and early this year I received a brand new card as part of the customary cycle of refreshing expiration dates.
The subtleties of the payments business are many. Opening the envelope, I was surprised and even a little impressed. The newly issued card had a new design, the key component being a color change. Where I had a mundane hotel rewards card in my possession before, I now had a BLACK card. What else had changed? Absolutely nothing. Same credit line, same interest rate, same fee structure, same benefit package.
In the months since I’ve traveled and used this new Black card, I’ve been shocked at how many waiters, cashiers, and even dinner companions stop and ask to see my card. I think they believe I must be a high roller, carrying a card with no limit and the ability to get me courtside tickets to an NBA finals game. Well, I know the truth and just like the card, I’m the same old “me”.
Just as I was getting used to the unwanted attention that comes, apparently, with carrying a Black card, I received another envelope from Chase last month. I was even more surprised to see another card in the envelope and after reading the literature inside, understood why I was being sent another card so soon after the last.
Then I spotted it. I was being issued a card with a chip on board. Added security was the message I saw in the copy.
I was excited about this and wanted to learn more about the implications of this new chip card. To do so, I contacted Richard Sanders, one of my Customer Strategy Network colleagues based in the UK and a veteran of the payments industry. Richard is founder of Hermosa Consulting, the Payments Partner for Mackman Associates, and an Associate of Consult Hyperion.
When I told Richard Sanders about the new card, he calmly asked me “does it work as Chip and PIN together”? With some hesitation, I responded that no PIN was required at this time. Richard, the person principally responsible for launching the first Chip and PIN card product in the UK at Abbey Bank in 2002, was incredulous, saying “Why would the bank incur the expense to re-issue a card when the added security feature does not exist until Chip and PIN are turned on?”
It is an interesting question. The deadline mandated by card associations Visa and MasterCard to implement EMV in America is looming in October 2015. At that time, if merchants have not made changes to their point-of-sale (POS) systems to accommodate Chip and PIN, any liability for fraud that transpires past this date will be the responsibility of the merchant until they do become EMV compliant. The concern over fraud liability is significant, as the US is the last developed market in the world to adopt the EMV standard and, as you can learn more about in this great video from Square, the US is now the target for a disproportionate level of fraud worldwide.
Maybe the banks are protecting their turf by issuing chip cards and meeting their half of the regulatory equation. This would seem to be a strategy that serves the banks well, but leaves cardholders without a full understanding of what they are holding in their hands.
Without the PIN feature turned on, the chip card I received in the mail does very little more to protect me than the previous one with magnetic stripe only. My new card has a mag stripe, so even though there is encrypted information on the chip, the card can still be skimmed and my account violated. The face-to-face transaction security offered by Chip and PIN at POS is not yet there, and Richard advised that I would have problems using the card internationally without the PIN feature turned on.
Richard expressed concern over the lack of information being provided to US cardholders at this time. If someone like myself had to think twice about what my card now offered, the general public would be totally at a loss, especially as the US has some banks issuing full Chip and PIN cards and others Chip and Signature. The approach to consumer education about the new EMV standard in the US so far is interesting, as you can see from these contrasting information pages at Chase and Square.
Richard highlighted that when EMV was introduced in the UK, the banks funded an extensive communication program during rollout using all possible mass media channels, including TV, newspaper, and radio to alert customers to the changes. The mass approach was supplemented by card statement messages and inserts to ensure cardholders understood what they had to do when they received a new card.
At this point in the EMV game in America, it seems the banks are taking the Pontius Pilot approach to liability, operate within pre-established guidelines and wash their hands of any further responsibility. Consumers meanwhile are left to figure out the vagaries of the card business and their role in a transaction on their own.
And merchants? They had better hurry up and make decisions as the cost of fraudulent transactions may soon outweigh their investment in changes to their POS equipment. Merchants will be faced with many puzzled customers in their stores and they will need to ensure their staff can assist and inform in a competent manner.
The slow wade into EMV waters by US banks impacts more than the merchants and consumers inside our borders. Richard mentioned that frequent international travelers from the US would be expecting Chip and PIN because that is the standard in the rest of the world including Canada and Mexico, the US’s closest neighbors. And, until the US is fully compliant, it will be impossible for other Banks worldwide to remove the stripe from their cards, allowing the fraudster an extended window of opportunity to take advantage of merchants and consumers alike.