Why SA banks still issue cards with magstripes

Over the years, the card payments landscape has changed significantly, driven by technology innovation and the quest for enhanced security and convenience.

From the early days of embossed credit cards and ZipZap machines to the cutting-edge EMV (Europay, Mastercard and Visa) chip technology and beyond, the payment industry has undergone a remarkable evolution.

In the 1980s, magnetic stripe technology revolutionised the way transactions were conducted, enabling widespread adoption of card payments. However, this advancement also brought vulnerabilities, notably card skimming, where criminals cloned cards using information stored on magnetic stripes.

In response to the growing concern over magstripe fraud, the industry introduced the EMV standard in the early 2000s, bolstering security through cryptographic technology.

EMV chip cards virtually eliminated counterfeiting and significantly reduced in-person card fraud. Additionally, the convenience of contactless payments emerged, leveraging the same EMV technology. This allowed users to make swift and secure transactions without physical card interaction.

Despite the advantages of EMV and contactless payments, traditional banks encountered obstacles in upgrading their infrastructure. Legacy systems produced cards with multiple technology mechanisms, including magstripes, creating security gaps. Modern EMV security could simply be bypassed through older tricks, like magstripe skimming, leading to continued card fraud.

EMV > magstripes

While EMV addressed in-person fraud, “card not present” (CNP) fraud emerged in online transactions. To combat this, some banks have recently introduced virtual cards, digital cards users can store electronically, usually on a mobile device. These digital cards use different card numbers and security codes to a customer’s plastic cards, in the process helping improve security by protecting the primary card details.

EMV’s security superiority over magstripe is evident. EMV chip data is exceptionally challenging to compromise, while magstripe data can be easily cloned. However, due to acceptance and customer experience, magstripe persists as a fallback option, despite its obvious security flaws.

Though no specific regulations mandate the continued use of magstripes, industry bodies encourage EMV adoption. While South Africa has made significant progress in contactless and EMV adoption, some international markets lag, maintaining their reliance on magstripe technology.

As the industry evolves, magnetic stripe’s role will diminish, while mobile wallets and biometric authentication offer more secure alternatives. Card schemes are actively pushing for a magstripe sunset, with dates already set for some regions. The US, for example, is starting to adopt EMV more rapidly. Banks there will no longer be required to issue chip cards with a magstripe, but only from 2027. By 2029, no new Mastercard credit or debit cards will be issued with a magnetic stripe in that market.

Although Mastercard did not say when it expects to phase out magstripes in South Africa, the company told TechCentral that it actively promotes safer technologies like EMV and tokenisation. However, challenges remain, particularly with devices like ATMs and in certain merchant segments that still rely on magstripes for payment acceptance.

Visa said it is also driving the transition to EMV. While advocating for this shift, Visa said certain devices and segments still require magstripe compatibility. The company emphasises upgrading infrastructure to accommodate EMV chips while retaining magstripe for broad acceptance. Like Mastercard, it didn’t say when it expects to phase out magstripes in South Africa.

Indeed, magstripe technology remains in use in markets around the world, despite the risks. Many ATMs still require a magstripe. Moreover, varying levels of EMV adoption necessitate dual compatibility. So, while the magstripe is clearly living on borrowed time, it’s likely to be with us for a few more years yet, despite its clear disadvantages.

TechCentral asked South Africa’s big banks about their plans to ditch magstripes on their cards. Absa, FNB, Investec, Nedbank and Capitec did not respond. However, Standard Bank said it actively educates its customers about the risks of fraud, encouraging the adoption of EMV and contactless payment methods. Standard Bank aims to equip merchants with modern point-of-sale devices that accept these newer payment technologies, it said.

Bank Zero, a new, digital player in South Africa’s banking industry, recognised the vulnerabilities of traditional payment methods and developed its own patented card security technology. This approach rejects magstripe transactions and instead employs two-factor authentication for online purchases. Bank Zero gives customers control over their risk appetite, allowing them to enable or disable Pin-less tap transactions. Remarkably, the bank has recorded no instances so far of card losses due to skimming of card data.  – © 2023 NewsCentral Media

Source: techcentral.co.za