MasterCard, Visa form group to push for better card security
(Reuters) - Visa Inc and MasterCard Inc said they had launched a cross-industry group to improve security for card transactions and press U.S. retailers and banks to meet a 2015 deadline to adopt technology that would make it safer to pay with plastic.
The move follows several data breaches at U.S. retailers, including one at Target Corp late last year involving the theft of about 40 million credit and debit card records.
The new group - which includes banks, credit unions, retailers and industry trade associations - will initially focus on the adoption of 'EMV' chip technology, MasterCard and Visa said in a statement on Friday.
EMV cards, already used in Europe and Asia, store information on computer chips rather than on traditional magnetic strips, making them harder to counterfeit.
They can also require - depending on the issuer - that users enter a personal identification number, or PIN, to make purchases, adding an extra layer of security.
However, the National Retail Federation, the world's largest retail trade association, said it had not joined the group because there were no plans to immediately implement the PIN option, making for a "half-baked solution."
"They're not serious about reducing fraud, unless they put a pin on," said Mallory Duncan, the NRF's general counsel.
"We remain insistent that U.S. retailers' customers be given the same protections as consumers in more than 80 countries who have both a chip and a PIN securing their credit and debit cards," Duncan said in a statement.
Visa and MasterCard declined to provide details on specific proposals for the technology to be used in the cards or the make-up of the cross-industry group.
The American Bankers Association did not respond to requests for comment but Patrick Keefe, a spokesman for the Credit Union National Association, confirmed that the trade association was part of the industry group.
"The recent high-profile breaches have served as a catalyst for much needed collaboration between the retail and financial services industry on the issue of payment security," Visa President Ryan McInerney said in the statement.
STRIKING WHILE IRON IS HOT
MasterCard and Visa had already set a deadline of October 2015 for U.S. retailers to adopt the new payment technology.
"Probably about 80 percent plus of the larger retailers were going to be able to make the deadline anyways," said David Robertson, publisher of payment industry newsletter The Nilson Report. Robertson said the formation of the group would help push small and mid-size retailers to adopt the new technology.
Banks and retailers have been dragging their feet over the upgrade, at odds over how the costs would be split.
The NRF has said it could cost the U.S. retail industry about $30 billion to upgrade to chip-based cards, including equipment, training and software.
"Banks and retailers want to make sure that if they invest in new infrastructure, they'll get the return in reduced fraud," Wedbush Securities analyst Gil Luria told Reuters.
MasterCard and Visa said the group would also address security issues with mobile and online transactions. One proposed solution is for traditional account numbers to be replaced by a unique digital payment code.
Target said last month it was accelerating a $100 million program to implement the use of chip-enabled smart cards to protect against cyber threats, with a goal to have the technology in place by early 2015.
"In the aftermath of the Target breach, security is on the minds of executives in the way it hasn't been in a very long time," Robertson said. "This is a classic example of trying to strike while the iron is hot."
(Additional reporting by Tanya Agrawal; Editing by Kirti Pandey, Don Sebastian and Ted Kerr)