I hardly ever use cash and I can’t remember the last time I wrote a check, which means that I mostly just use plastic (and/or buy stuff online). But none of that changes the fact that there are plenty of reasons to hate credit cards—or, more specifically, there are plenty of reasons to hate credit card companies—to the point where I think that whoever or whatever figures out how to replace them will win big with retailers, customers, IT professionals, and developers.
Reasons to Hate Credit Card Companies: Consumers
It’ll sound like I need to readjust my tinfoil hat, but major credit card-issuing banks in the United States are every bit the soulless, greedy corporations that they’re frequently made out to be. I’m not talking about things like 13% interest rates, high fees, and all of the other traps that consumers get themselves into. I’m talking about the fact that credit card fraud could be severely decreased but for the fact that taking the steps to do so would cut into the margins of the big banks who issue credit cards.
For example, not only do Visa and MasterCard officially discourage merchants for asking cardholders for identification, they actually prohibit merchants from refusing a sale when a when a cardholder refuses to show identification. Similarly, if Visa and MasterCard would equip their cards with smart chips and a PIN (as most European cards do), then the specter of credit card theft via magnetic stripe readers would all but disappear. But, as a former credit card thief outlines, “credit card companies have done the math. . . they think that people will use their cards less if they had to put in a PIN. . . and [credit card companies] would lose money”.
Credit card companies aren’t worried about the impact credit card fraud and identity theft has on customers. These companies are solely interested in their own bottom line.
Reasons to Hate Credit Card Companies: Merchants and Retailers
Retailers and merchants have a whole host of reasons for hating credit card companies. First of all, there are the 3% fees imposed over the top of every transaction. No surprise, then, that merchants and retailers are actually very keenly interested in alternative purchasing options such as ApplePay, Google Wallet, and Merchant Customer Exchange (MCX). In fact, a recent quote from Walmart’s CEO on the subject explains things very well: “I don’t know that MCX will succeed, and I don’t care. As long as Visa suffers.”
There’s also the fact that retailers frequently end up thrown under the bus when fraud is committed. Merchants don’t always bear the full brunt of paying for fraud, but they typically incur large percentages of those costs and small businesses can actually be completely destroyed by fraud in certain scenarios, which is all the more despicable given that Visa and MasterCard officially prohibit merchants from confirming identification to qualify purchases.
Reasons to Hate Credit Card Companies: IT Pros and Developers
Excuse me a bit while I rant about PCI Compliance. Let me start by saying that I don’t for a second think that strong security and protections are unnecessare when it comes to storage of personal or credit card information. But the realist in me recognizes that (like so many forms of regulation), PCI Compliance was likely nothing more than lobbyists working on behalf of huge payment techs and other key players in the payment industry as a way of stifling competition. Again, I’m not advocating a world where businesses and merchants can store my information loosey-goosey, but I personally believe that PCI compliance is a joke. Organizations incur significant costs and overhead just for enforcing PCI Compliance, it's frequently not enforced very well at all, and it's open to significant degrees of interpretation. Moreover, I personally feel that it provides a false sense of security for many non-technical managers who believe that if they’re PCI complaint, then their data is protected—when, in reality, PCI Compliance should be a minimum threshold for evaluating whether or not security is being taken seriously. Stated differently, regulatory compliance isn’t even in the same universe as security.
Then, of course, there is the fact that major retailers like Target and The Home Depot were supposedly PCI compliant.
Granted, while Target and Home Depot aren’t technically credit card companies, the reality is that they failed to protect customer assets. Yet, regardless of their failures, there’s been no word of any (sizeable or appropriate) penalties or fines to be levied against them for their major security failures and failure to meet US regulatory requirements. I doubt any small business out there handling credit card transactions (no matter how truly secure they are in terms of access and storage of these details) takes their PCI Compliance lightly. If a small business did so, they’d be eaten alive by auditors and the regulatory weight that would be hurled at them. Which, to me, just underscores that so much of PCI compliance is actually rooted in helping credit card companies and payment techs keep a strangle hold on their near-monopolies.
Ultimately, there are plenty of reasons for pretty much everyone to hate credit card companies. There’s also the fact that they’re sitting on a pile of money worth an estimated $40 to $50 Billion per YEAR, thanks to the 3% fees they charge on top of all transactions. No wonder then, that Apple, FaceBook, and Google are all interested in getting a piece of that pie. Nor is it any surprise that merchants themselves are pushing solutions like MCX and (what I’m guessing will be) other alternatives. The translation, though, is that we’re about to see some major changes in how payments and payment details are handled, which will mean plenty of new challenges (and growth opportunities) among the IT professionals tasked with safeguarding, integrating, and developing these solutions.