NEW YORK—After a spate of credit card thefts ran through Bay Ridge, Brooklyn, Sen. Marty Golden decided New York should require microchip technology, something already practiced in 80 countries in the world.
“In Europe this is already in place, in Canada this is already in place,” said Golden, speaking at a press conference in his district in Bay Ridge, Brooklyn on March 21. “Canada adopted this in 2009; fraud has come down 45 percent.”
The thieves in Bay Ridge stole hundreds of thousands of dollars by hacking into local businesses’ customer transaction archives. Golden said at least 30 people have come forward to report being scammed, and those are just the ones he knows of.
Golden said the hackers moved strategically, targeting “virgin territory” where security and awareness are not yet high.
In October 2015, a parallel federal law will go into effect that will transition the entire country to the microchip system. Some banks have already started transitioning their cards, but almost solely for company or high-earning individual accounts.
Golden, who has co-sponsored a bill with Sen. Joseph Griffo, does not want to wait another year and a half for this federal law to take effect. If the state bill gets through both houses and is approved by the governor, Golden says it could go into effect in as few as 60 days.
Without the chip, if credit card hackers break through a business’s firewall, as in the case of the recent Target breach, and steal information from customer transactions, the hackers can replicate the credit card as long as they have the number and the pin.
A microchip uses a unique number for each transaction instead of using a static card number. Even if the data from that one transaction were stolen, the hackers cannot use it to make another purchase because the number has expired.
Microchips are not fail safe. While the microchip would act as another layer of security, it increases security only in point-of-sale transactions. Hackers can still make payments online with a credit card holder’s number. It will also not protect against a card being physically stolen, as the card can still be used as long as the thief knows the pin, or, in cases where the merchant does not require a pin, can fake the owner’s signature.
In transitioning to microchip technology, not only will banks have to issue new cards, but the equipment that reads the cards will have to be updated as well, which could cost merchants.
“Most merchants are concerned,” said Dimitri Akhrin, the president of Bank Associates Merchant Services. “You’re talking about a few hundred dollars for small- to medium-sized businesses that are using standard credit card terminals, to maybe a few thousand dollars investment for larger chains and medium- to large-sized businesses.”
Akhrin emphasized that, whatever the initial cost is, it is far below the price a business would pay if its customers’ data were compromised.
“There’s no such thing as brand reputation insurance,” Akhrin said. “If you as a merchant get hacked, your brand will significantly suffer, even if you are selling wonderful products, with wonderful support, and with wonderful people.”
Holly Kellum is a special correspondent in New York.