Time for Shady Pines Retirement Home, Mag Stripe

Not surprisingly, the Javelin Research Team have had quite a lot of media requests since the start of the year relating to the Target data breach and why the US hadn’t moved to this new fangled chip card technology called EMV (no, not a record label with a dog sticking it’s head into a gramophone). I’m not going to get into the many, many conversations we had about whether the Target breach could have been prevented with EMV, or the relative benefits of chip and signature compared to chip and PIN. What I am going to discuss is the topic that didn’t come up – when will the payments industry finally ditch the magnetic stripe?

It seems that the US payments and retail industries are putting a massive amount of faith into EMV as a card fraud silver bullet. In a letter to Congress, Target’s CFO, John Mulligan stated;

“The latest “smart cards” have tiny microprocessor chips that encrypt the personal data shared with the sales terminals used by merchants. Why is such a change important? Even if a thief manages to steal a smart card number, it’s useless without the chip.”

True, true. But what about the mag stripe on the back? I’m not arguing that EMV will not reduce counterfeit card fraud. It’s been proven to do so pretty much anywhere it’s been deployed. But the magnetic stripe will remain a loophole until there is 100% EMV terminalization of the US.

I’m not alone in thinking this. During the CVM/EMV keynote panel session at the SCA payment summit in Salt Lake City, Jack Jania, SVP Secure Transactions at Gemalto, challenged the industry as follows…

“ In light of the recent (Target) data breach, isn’t it time to add a mag-stripe end-of-life milestone to the official EMV migration time line? Everyone knows that it is easily to clone mag-stripe cards and that fact makes card holder data very valuable to fraudsters. It’s time to minimize cardholder data value to criminals by eliminating the mag-stripe from the card body and close this known security hole.”

So, I (and Jack) suggest that the conversation needs to swing to when the lowly old mag stripe is sunsetted. There must be a tipping point where the penetration of EMV cards and card readers in the US makes it viable to simply stop issuing cards with mag stripes, not just here but globally, finally forcing the hand of merchant laggards to move from payment technology from the 1960’s to the 1980’s. Nostalgia doesn’t seem a valid reason to cling on – I’ve given up on both cassette tapes and CDs with very little discomfort.  I’m sure the payments industry can also wean themselves off the mag stripe and let it live out its final days in peace if they really try.

Category: Dynamic Payments

Tagged:      , , ,

2 Responses

  1. I just turned off *all* my bank, ATM/debit and credit cards except one, which I will use when no other option is available (e.g., online purchases, car rentals). I will be paying for everything with cash and checks from now on. Bills will be sent to a USPS post office box. Bills will be paid by check, and sent directly from a USPS location (not mailbox). I also implemented LIfeLock.

    Why?

    Because I’ve had a card copied by a thief. I’ve had my mailbox robbed multiple times (now a locked box… that’s been broken into once). My wife had her card compromised in the Target breach. I’ve had to replace a piece of bank plastic at least once a year for the last five years running. I’ve had enough of that.

    The payments players need to get their security act together, or more and more people will be following me back to the Neolithic Age of Banking — checks, cash, mail.

    The bigger your digital footprint is in the payments space, the bigger your risk and the greater inconveniences you face.

  2. Tektimes says:

    Yes, smart cards provide strong support for authentication to access our personal information as they use digital coding and have more capacity for storage. And they are more secure for use.

Leave a Reply