The WSJ has an interesting article today on the Target credit card security breach. As the article notes, the US card system is less secure than elsewhere in the world, most notably Europe, which has a “chip and PIN” system, which has a computer chip embedded in the card and requires the purchaser to insert a PIN as well to make a transaction. The Target security breach has led many to wonder–and implicitly the WSJ–why the US has lagged on adopting this more secure technology.
Well it turns out that the economics of credit card security is more complicated than it appears at first glance. But first, an important thing to keep in mind: historically the United States has been a high-trust, low-fraud country when it comes to payment card usage. For example, the conventional practice of handing over your credit card (or debit card) to a waiter in a restaurant and having him disappear into a back room with it is something that must strike people in other countries as somewhat bizarre. Nevertheless, we do it all the time and rarely does anything go wrong in this process. So, this makes a difference–in a high-trust, low-fraud country it generally is not necessary to invest in as elaborate security protections as elsewhere. As an analogy, consider that in the U.S. very few restaurants, stores, or hotels routinely post visible armed guards at their front door, whereas this precaution is not uncommon in other countries.
With that background in mind, the WSJ article contains some interesting numbers relative to the optimal level of credit card security.
First, consider the size of the potential dollar size:
But if the chip cards were used in the U.S., fraud losses could be halved, Aite Group estimates. U.S. merchants and banks had 2012 losses of