You're going to change the way you pay

After the Home Depot breach, paying by credit card will never be the same

Published: September 24, 2014 03:00 PM
The days of swiping your credit card will soon be over.

"If it ain't broke don't fix it," goes the old saying. For years, that approach worked just fine with the way we pay for products with plastic. Just swipe the card through a card reader next to the cashier and weeks later, when the bill comes, you make the payment.

But after Home Depot confirmed this month that hackers broke into its systems, it's pretty clear that the credit card system needs fixing. The breach compromised the confidential data of 56 million consumers, including their names, credit card account numbers, security codes, and expiration dates—less than a year after a similar breach at Target that put the data of 40 million consumers at risk.

"The payments systems for large merchants has grown out of control," Chris Uriarte, chief payments and product officer at Vesta Corp., a provider of anti fraud payment services for merchants and telecommunications companies, said. "The industry needs to change."

Read more to learn how to choose the right credit card for you in our Credit card buying guide.

That change is coming now. The Home Depot break in—the largest in American history—is giving a boost to new technologies to safeguard confidential consumer information and that's good news for consumers.

Cards with a chip

One of those technologies is a chip, known as EMV (named after its backers, Europay, MasterCard and Visa) that increasingly will be embedded inside new credit and debit cards. Cards with chips are expected to eventually replace cards with magnetic stripes and are supposed to be widely deployed by October 2015. The industry has good reason to jump on board: If merchants don't have card readers in place for these new chip-based cards a year from now, they could be liable for fraud charges. If banks issue cards without chips, they too could end up responsible for fraudulent charges.

For consumers, using these cards won't be much of an adjustment. Instead of swiping your card through a card reader at the cashier (so it can read the data on the card's magnetic stripe), you'll insert it until the transaction is complete.

The process that takes place behind the scenes, though, will be completely different. Instead of reading data from a magnetic strip, the reader will communicate with the chip inside your card using cryptographic algorithms to authenticate the card while generating a unique code for each transaction. The benefit is that because the data is housed on the chip, it will be much harder for thieves to replicate than it was when it was stored on the magnetic stripe.

The chip technology has been proven to make a difference. Since EMV was deployed in Europe in the early 1990s, credit card fraud has fallen by about 50 percent there. Europe's gain was America's loss.  Hackers started to look for easier markets to break into and increasingly zeroed in on the U.S., which now accounts for half the world's credit card fraud, according to Julie Conroy, research director at the Aite Group, an independent financial research and advisory firm. The rise in fraud has been quick, doubling since 2007 to nearly $5.3 billion in 2012—and the losses continue to grow by 30 percent to 50 percent per year, according to Conroy.

Now, the U.S. is taking steps to stop the fraud. The Home Depot break-in has led the retailer to speed up the move to protect consumers. The company plans to update about 85,000 card readers in its stores across the country by the end of the year so that they can work with EMV chips. (Home Depot will continue to accept cards with the magnetic stripe as well.)  The company has already done this in in its stores in Canada. Others, such as Walmart and Target, are also installing these systems.

Digital wallets


For consumers, the move to EMV helps to secure credit card data but it could also give a boost to a new technology: Digital wallets—payment apps you can download to your smart phone. That's because the new readers can also be made to work with a technology known as near field communications, which is needed so that consumers can make payments using digital wallets such as Apple Pay and SoftCard. You make payments simply by tapping or waving your smart phone in front of the reader.

Up until now, merchants haven't had much interest in NFC. Best Buy, for example, experimented with NFC payment systems in 2011 but eventually decided it was too expensive to operate.  But because the technology is compatible with the new EMV card readers, and because Apple Pay was just recently announced and Apple tends to be very influential—digital wallets may finally become more popular.

While credit cards with EMV chips and new digital wallets spell big changes for the credit card, Uriarte says not to get too excited too quickly. "While there may be fewer counterfeit cards being made," Uriarte said, " the fraud will just move elsewhere. Fraudsters are always looking for the next opportunity."

As these technologies roll out, remember that if there are fraudulent charges posted to your credit card, you are not responsible and it won't affect your credit score. There are, though, other steps you can take to protect your card data:

Ask your bank for a new card—Depending on the bank and the credit card you have, you may be able to replace your magnetic stripe card with a chip-based card now. Just call your credit card issuer to ask.

Place your credit on a security freeze—If you have any reason to believe that someone may be trying to access your confidential information, you can call your credit company to request that a security freeze be placed on your credit cards. This prevents most credit-card issuers and lenders from reviewing your credit history. Without that, lenders probably won't issue new credit, so criminals can't set up fraudulent accounts in your name.

But keep in mind that if you do this, you will also shut out people who have a legitimate need to access to your data, such as lenders you've asked for credit, telecom companies, and insurers. To give them access, you have to lift the freeze.

Sign up for a fraud alert—A fraud alert is easier to initiate than a freeze, but it offers less protection. While a fraud alert is in place, your credit file will be accessible, but creditors must take certain steps to verify your identity before granting credit. You need to request a fraud alert at only one credit bureau; it will then notify the other two. An alert lasts 90 days. If you're an ID-theft victim, you can keep one in place for seven years.

Sign on for credit monitoring—While this may not stop a criminal for accessing your data, you will get an alert by e-mail when there's activity in your credit file.

—Nikhil Hutheesing (@Nikhil212 on Twitter)

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Credit Cards News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more