Column: How the banks imposed their leaky credit-card security system on merchants and consumers

Many Main Street retailers are liable for fraud and can't accept chip cards because credit card companies have yet to certify their security systems.
Even with the new chip cards, U.S. customers still lack the protection of PINs that consumers in the rest of the world punch in during a purchase. ZACK WITTMAN   |   Times
Even with the new chip cards, U.S. customers still lack the protection of PINs that consumers in the rest of the world punch in during a purchase.ZACK WITTMAN | Times
Published
Updated

Credit card companies and their member banks are exploiting small retailers — the backbone of communities across America — through a recent shift to credit and debit cards with embedded computer chips supposed to enhance security.

The banks that issued the cards then shifted liability for fraud to retailers until we adopt their security system. Visa and MasterCard can force this arrangement on retailers because they utterly dominate the nation's payments system.

The change is one of the most flagrant abuses of corporate power we have seen. And — as always with the credit card companies — merchants are at their mercy.

I know this firsthand: I run a general store that opened on Sanibel Island in 1899 and is now the oldest and largest on the island; we operate two full-service supermarkets, a hardware store and a catering company.

My background is in information technology — I joined my wife's family business only a dozen years ago — and I was glad the card companies were finally switching from the magnetic strip, a 1970s technology long abandoned in other countries because it is easily replicated by thieves.

The nightmare started in 2012, when the credit card companies told merchants they must buy machines and software to read the new cards and have these systems ready by October 2015 — or the merchants would then be liable for fraud instead of the banks.

I spent more than $100,000 on upgrading my system, a huge investment for a small business, well before last October's deadline.

But the card companies weren't properly prepared and have yet to certify me and many other Main Street retailers, which means I cannot accept chip cards. And so I'm also now liable for credit card fraud even though I've had the required security system installed for two years.

When will they get to me? I'm told the big retailers come first, then smaller ones like me. But nobody seems to know — all I can do is sit and wait.

Because it has taken so long in the United States for banks and credit card companies to modernize their outdated security system, we are one of the few places left in the world where debit and credit card fraud is growing.

Half the $16 billion in card fraud in the world happened in the United States in 2014, according to the authoritative Nilson Report, even though we have less than a quarter of the world's card transactions.

Our international customers are astonished by the limited use of chip technology.

Even with the chips, U.S. consumers and merchants still lack the added protection of the personal identification numbers that consumers in the rest of the world punch in during a purchase (much like the four-digit PINs Americans use now to withdraw cash from their ATMs).

It's inexplicable why banks and credit card companies would endanger consumers and merchants by depriving them of this additional security.

They say it's because customers just don't want to remember those four digits. Absolutely false.

If the banks would tell their customers that no less an authority than the Federal Reserve says PINs make transactions 700 percent safer, consumers of course would demand them.

Merchants aren't the only people appalled by this mess. Sen. Dick Durbin, the Illinois Democrat, recently wrote to the consortium of six credit card companies that devised the new security system, EMVCo, complaining that they made unilateral decisions for murky reasons without consulting retailers, creating "chaos."

In that respect, EMVCo is very much a creature of the credit card companies, two of which — Visa and MasterCard — are so large that they dominate the market, dictating terms to retailers, raking in huge profits that wind up costing consumers big at the checkout line, and flouting antitrust law.

This is just their latest caper. But it's potentially one of their most harmful abuses.

It's time regulators such as the Federal Trade Commission sorted out this train wreck.

Durbin and a group of 20 House members have also written separately to the commission.

The commission needs to wake up and start protecting consumers and small merchants instead of standing by while the credit card companies and their banks rake in millions of dollars.

Richard Johnson operates Bailey's General Store on Sanibel Island.

Advertisement