The issue of consumer payments and data security has reached a high level of public and regulatory interest as a result of a number of recent high-profile data breaches that compromised consumer payment cards. In addition, the ecosystem of consumer payment security has changed dramatically in recent years as a result of the introduction and rapid spread of contactless payment technologies. In response to growing concerns about payment fraud, payment card networks in the United States have moved toward the rapid replacement of traditional magnetic-stripe payment card technology to new EMV (Europay, Mastercard, and Visa) computer chip–based technology. Notably, however, US card issuers and networks have chosen not to adopt the personal identification number (PIN) method of customer verification that has been standard in the United Kingdom and much of Europe for the past decade or so but instead have chosen signature verification as the preferred method. This article conducts an economic analysis of the regulation of consumer payment cards and payment card fraud. We examine the marginal benefits and costs from heightened levels of payment card security. We examine the dynamic evolution of payment card anti-fraud technology over time and suggest that there is little evidence of market failure in the provision of payment security by card networks and issuers and little reason to believe that mandating one exclusive, decades-old, static verification technology (namely, chip and PIN) would be likely to improve overall consumer welfare and economic efficiency today. We conclude that rather than blindly adopting the particular verification technology that Europe put into place many years ago, US regulators should be alert to the evolving and contemporary nature of consumer payments and the fluid nature of threats to data privacy and thus should not freeze or hamper the adaptability of the payment system.
Read full abstract