As of October 1, U.S. retailers were required to upgrade their point-of-sale terminals to accept new EMV chip credit cards or be liable for any fraudulent charges. According to Reuters, some large U.S. retailers are trying to take it a step further by using personal identification numbers (PINs) with the new embedded chip credit cards to prevent counterfeit card fraud. More specifically, Target is moving ahead with a chip-and-PIN rollout, and Wal-Mart plans to do the same.
As for banks, they favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere. Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers. “PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite Group estimates accounts for only 14 percent of fraud.
An additional reason for the slower acceptance of chip-and-PIN technology by banks is that PINs are expensive to put into practice. Gartner analyst Avivah Litan estimates that banks would have to invest hundreds of millions of dollars in network improvements to support them.
Those in the security field have a different perspective. Lance James, chief scientist with cyber intelligence firm Flashpoint, explains, “The PIN is definitely a must. It’s one extra step that provides true two-factor authentication.” EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite Group estimates accounts for 37 percent of that fraud.
In a recent article, Forbes pointed out that an FBI public service announcement in early October raised questions regarding the absence of PIN authentication, indicating that the combination of chip-equipped cards and PINs are significantly more secure than using decades-old signature verification. This announcement aligned with the FBI Director who stated at a congressional hearing, “I think the experts at the FBI would say PIN and chip is more secure than PIN and signature.” The October announcement was later revised to de-emphasize the use of PINs. Some believe this revision was due to pressure from the banking industry.
While the increase in credit card security seems to make sense, challenges emerge when it comes to implementation. Wal-Mart faces obstacles, because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Target and Wal-Mart seem to be supportive of chip-and-PIN cards, but other retailers are not quite there yet. “Our approach is chip and signature,” said Macy’s spokesman Jim Sluzewski. JC Penney said it has no plans to introduce PINs and has yet to begin processing any chip transactions.
Furthermore, there is currently only one PIN credit card available through a major U.S. retailer, a MasterCard that Target issues through Toronto Dominion Bank. If that is not enough, a retail industry executive said that some retailers have privately confided that they fear widespread PIN adoption could result in slower lines and lost sales from shoppers who forget PINs.
———–
Ryan Lahti is the founder and managing principal of OrgLeader, LLC. Stay up to date on Ryan’s STEM-based organization tweets here: @ryanlahti
(Photo: US Chip-Enabled Payment Cards, Flickr)