Chip and pain

Chip and pin card security will not arrive unless governments get fully behind it, suggests Rob Corder.

  • E-Mail
By  Rob Corder Published  February 3, 2009

The first time I heard that a GCC country would be introducing chip and pin security on its bank cards was around 1994.

Mastercard (or was it Visa?) declared that the technology was ready for roll out, and hosted a joint press conference with local banking officials to announce its launch.

Anybody European who has arrived to live or holiday in the Gulf over the past 15 years will know that the technology certainly was ready for prime time way back in the mid-nineties.

It must be puzzling, given the number of security scares associated with bank cards in recent years, that chip and pin has not arrived.

The added level of security offered by chip and pin has been proven to cut fraud. In 2005, the first year of its mandatory introduction in the UK, card fraud was cut by 13 percent, and has been continuing to fall ever since as additional layers of security – made possible by the on-card chip – have been introduced.

But the move to chip and pin is not simple. It requires considerable effort and investment from banks, retailers, network service providers, and governments.

At a technology level it requires all retailers to upgrade their point of sale systems to include a chip and pin card reader, and to ensure that reader is connected to central clearing systems over wide area networks. These networks are too slow and unreliable across considerable swathes of the Middle East.

Banks, in conjunction with card issuers such as Visa, Mastercard and American Express, have to undertake the expensive and complex process of upgrading their own systems, and issuing new plastic to every single one of their customers.

This is almost impossible to pull off in a big bang way. The changeover process in other countries has taken months, or even years.

This creates the need for two systems to operate in parallel, at considerable cost to all involved.

This partly explains why political will is required. Government has to play a roll in forcing businesses to make the switch.

In Europe this process was driven using a little-noticed, but considerable change in the law. Liability for card fraud was transferred from banks to retailers, making it more risky for them to accept non-chipped cards than it was to accept the new chipped versions.

Retailers rapidly upgraded and pushed their customers towards the use of chip and pin, before eventually phasing out traditional signature-based cards.

The cost for retailers paying for new terminals was offset by lower insurance premiums for fraud compared to those that didn’t make the change. The old system quickly made no commercial sense.

Despite the success of the switch over to chip and pin in Europe, it was not without pain.

Retailers were initially reluctant to accept the shift in liability onto their shoulders. They certainly did not want the expense of new technology, particularly when card issuers were dragging their feet.

At the time of the switch in liability in the UK, 40 percent of cards in circulation had not been upgraded.

Customers were confused, and retailers were at the front line for dealing with an avalanche of problems.

But the pain is worth it in the end, and GCC authorities must show leadership in pushing through this change.

The announcement from UAE Central Bank this week that it is merely “asking” all banks to move customers to chip and pin does not inspire confidence, particularly since no time frame has been given.

Fifteen years on from the first time I heard about chip and pin launch in the GCC, I fear authorities continue to lack the will to push through this important and necessary change.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code