A Chip Off the Old Block or a New Direction for Payment Card Security? Chips, Pins, and the Law and Economics of Payment Card Fraud

PSN: Security & Safety (Topic) Pub Date : 2017-11-29 DOI:10.2139/ssrn.3169606

James C. Cooper, Todd J. Zywicki

{"title":"A Chip Off the Old Block or a New Direction for Payment Card Security? Chips, Pins, and the Law and Economics of Payment Card Fraud","authors":"James C. Cooper, Todd J. Zywicki","doi":"10.2139/ssrn.3169606","DOIUrl":null,"url":null,"abstract":"The issue of consumer payments and data security has reached a high level of public and regulatory interest as a result of a number of recent high-profile data breaches that compromised consumer payment cards. In addition, the ecosystem of consumer payment security has changed dramatically in recent years as a result of the introduction and rapid spread of contactless payment technologies. In response to growing concerns about payment fraud, payment card networks in the United States have moved toward the rapid replacement of traditional magnetic-stripe payment card technology to new EMV (Europay, Mastercard, and Visa) computer chip–based technology. Notably, however, US card issuers and networks have chosen not to adopt the personal identification number (PIN) method of customer verification that has been standard in the United Kingdom and much of Europe for the past decade or so but instead have chosen signature verification as the preferred method. This article conducts an economic analysis of the regulation of consumer payment cards and payment card fraud. We examine the marginal benefits and costs from heightened levels of payment card security. We examine the dynamic evolution of payment card anti-fraud technology over time and suggest that there is little evidence of market failure in the provision of payment security by card networks and issuers and little reason to believe that mandating one exclusive, decades-old, static verification technology (namely, chip and PIN) would be likely to improve overall consumer welfare and economic efficiency today. We conclude that rather than blindly adopting the particular verification technology that Europe put into place many years ago, US regulators should be alert to the evolving and contemporary nature of consumer payments and the fluid nature of threats to data privacy and thus should not freeze or hamper the adaptability of the payment system.","PeriodicalId":165936,"journal":{"name":"PSN: Security & Safety (Topic)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"PSN: Security & Safety (Topic)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/ssrn.3169606","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The issue of consumer payments and data security has reached a high level of public and regulatory interest as a result of a number of recent high-profile data breaches that compromised consumer payment cards. In addition, the ecosystem of consumer payment security has changed dramatically in recent years as a result of the introduction and rapid spread of contactless payment technologies. In response to growing concerns about payment fraud, payment card networks in the United States have moved toward the rapid replacement of traditional magnetic-stripe payment card technology to new EMV (Europay, Mastercard, and Visa) computer chip–based technology. Notably, however, US card issuers and networks have chosen not to adopt the personal identification number (PIN) method of customer verification that has been standard in the United Kingdom and much of Europe for the past decade or so but instead have chosen signature verification as the preferred method. This article conducts an economic analysis of the regulation of consumer payment cards and payment card fraud. We examine the marginal benefits and costs from heightened levels of payment card security. We examine the dynamic evolution of payment card anti-fraud technology over time and suggest that there is little evidence of market failure in the provision of payment security by card networks and issuers and little reason to believe that mandating one exclusive, decades-old, static verification technology (namely, chip and PIN) would be likely to improve overall consumer welfare and economic efficiency today. We conclude that rather than blindly adopting the particular verification technology that Europe put into place many years ago, US regulators should be alert to the evolving and contemporary nature of consumer payments and the fluid nature of threats to data privacy and thus should not freeze or hamper the adaptability of the payment system.

查看原文本刊更多论文

芯片脱落旧块或支付卡安全的新方向?芯片，大头针，以及支付卡欺诈的法律和经济学

由于最近发生了一系列引人注目的消费者支付卡数据泄露事件，消费者支付和数据安全问题已经引起了公众和监管部门的高度关注。此外，近年来，由于非接触式支付技术的引入和迅速普及，消费者支付安全生态系统发生了巨大变化。为了应对日益增长的对支付欺诈的担忧，美国的支付卡网络已经开始迅速将传统的磁条支付卡技术替换为新的基于计算机芯片的EMV (Europay, Mastercard和Visa)技术。然而，值得注意的是，美国发卡机构和网络选择不采用个人识别号码(PIN)作为客户验证方法，而在过去十年左右的时间里，个人识别号码(PIN)在英国和欧洲大部分地区都是标准的，而是选择了签名验证作为首选方法。本文对消费者支付卡监管和支付卡诈骗进行了经济学分析。我们研究了支付卡安全性提高的边际收益和成本。我们研究了支付卡反欺诈技术随着时间的推移而发生的动态演变，并认为几乎没有证据表明支付卡网络和发卡机构在提供支付安全方面存在市场失灵，也没有理由相信强制采用一种独家的、已有数十年历史的静态验证技术(即芯片和PIN)可能会改善当今的整体消费者福利和经济效率。我们的结论是，美国监管机构不应盲目采用欧洲多年前实施的特定验证技术，而应警惕消费者支付的演变和当代性质，以及对数据隐私威胁的流动性，因此不应冻结或阻碍支付系统的适应性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

PSN: Security & Safety (Topic)

自引率

0.00%

发文量