Doug Kantor, counsel for the Merchants Payment Coalition, said in an op-ed last week that the “broken” U.S. payment system lacks security because credit card companies “that control the system can push the costs of fraud onto retailers.”
Kantor said Visa and MasterCard “control all of the elements related to the operation of their card networks,” including swipe fees, protection of consumer data and who bears the cost of fraud,” according to American Banker.
He said Visa and MasterCard have seen $8.1 billion in profits over the past year but have had “minimal exposure” to financial losses resulting from security breaches like the recent Target breach.
“While Visa and MasterCard dictate card security and allow transactions to proceed without authentication or encryption, they have little real interest in implementing effective security because they don’t absorb many fraud losses,” Kantor said, American Banker reports. “In other words, doing what is right would cost Visa and MasterCard without adding to their revenue. So they don’t bother.”
Kantor pointed to criticism of the Dodd-Frank Act’s Durbin Amendment, saying the rule has had “no direct financial impact on Visa and MasterCard.”
“In fact, under Durbin, merchants paid $250 million in special interchange fees over the past year to the largest banks covered by the Durbin amendment to ‘innovate’ data security methods that better protect the consumer,” Kantor said, according to American Banker. “Any contention that Durbin may have financially hamstrung issuing banks (the fewer than 200 covered under Durbin) from doing the right thing is just wrong.”
Kantor said merchants have invested billions in securing transactional endpoints just to comply with Payment Card Industry security standards controlled by credit card companies.
“Instead of focusing on the most effective anti-fraud systems possible, such as simply requiring the use of PIN, PCI focuses on pushing costs onto merchants,” Kantor said, American Banker reports. “Target was in compliance with PCI standards. Clearly that wasn’t enough.”
Kantor said retailers and consumers are victims as a result of “major card companies devaluing security,” adding that card companies’ refusal to tackle card security has made the country’s payment system more vulnerable.
“Our country is magnet for fraud even though we pay the highest swipe fees in the industrialized world,” Kantor said, according to American Banker. “Real card security standards need to come from an objective source, such as a standard-setting organization or regulator, not the card companies, if we are ever going to turn around our dismal results.”