The blockbuster theft of credit card data from Target during the holiday shopping rush was just one example of the way outdated cards are leaving Americans more vulnerable to fraud and identity theft than shoppers are in other developed countries. The good news is that the credit card industry is in the process of fixing part of the problem. The bad news is that squabbling among retailers, banks and payment processors is getting in the way of a more complete solution.
The United States is one of the few remaining places where credit and debit cards rely on a magnetic stripe, rather than a microchip, to store and transmit account information. Magnetic stripes are easy to steal information from and to counterfeit, but that's next to impossible with chips. That's why, as other countries switched to chip-based "smart cards," hackers shifted their attention to U.S. targets.
Belatedly, the companies that process credit card transactions (such as Visa and MasterCard) have given banks and retailers until October 2015 to adopt smart cards. If a bank issues the new cards but a retailer doesn't equip itself to read them, liability for any losses caused by fraud will shift from the bank to the retailer. That's as far as banks and credit card companies want to go; thus far they're refusing to require consumers to use personal identification numbers with smart cards, arguing that many retailers don't the necessary PIN pads. But requiring PIN use would help combat the unauthorized use of legitimate cards, which seems worth the cost that the added equipment would impose on some retailers.
Unfortunately, even more sophisticated cards can't stop fraud in online shopping, where there are no smart-card readers or PIN pads. The key there is to prevent hackers from stealing account information in the first place, which means that any company storing such data must keep it encrypted.