Consumers may not be pushing for stronger card security because they feel overly protected by the systems in use today. But they do face real costs for fraud.
Consumers paid an average loss of $240 per fraud incident in 2011, a year in which nearly 5% of U.S. adults experienced identity fraud, according to Javelin's 2012 Identity Fraud Report.
On average, consumers lost $141 if their debit card was used fraudulently, and $306 if criminals attacked a credit card account, the report stated.
Advocates for chip-and-PIN security raise the issue of consumer costs when arguing against chip-and-signature security for the U.S. migration to the EMV secure card standard.
Tim Rohrbaugh, chief information security officer at the identity risk management provider Intersections Inc., says there is no doubt chip-and-PIN is the safer technology for consumers.
"When is the last time someone verified a signature [on a card transaction]?" he says. "We all know the answer to that."
Steve Schwartz, who also works at Intersections, says that the use of a PIN eliminates some of the opportunity to steal card data during individual transactions, since the card can't be as easily separated from its owner.
"I like it better when the transaction is taking place right in front of me, which you do with chip-and-PIN," says Schwartz, the company's executive vice president of consumer services.
Consumers absorb out-of-pocket costs more often for existing card account fraud, meaning the consumer opened an account and a criminal somehow got a hold of it, says Jim Van Dyke, president and founder of Javelin Strategy and Research.
Zero-liability policies protect consumers if they alert the issuer within 60 days of a fraud incident, and Regulation E, or the Electronic Funds Transfer Act, protects debit card users from most fraudulent charges if the cardholder reports a lost or stolen card within two business days of learning of the loss.
Zero liability is an essential protection, but certain sectors of the payment card industry have fewer protections for consumers, Van Dyke says. "Networks do a good job of protecting consumers, but closed-loop, store-branded cards are not as safe," he says.
In 2011, 8% of credit card fraud victims reported having their store-branded credit card misused, according to the Javelin study. On average, consumers lost $591 per incident when criminals stole their store-branded closed-loop card account.
In addition, consumer fraud costs increase because of "friendly fraud," or cases in which a family member or friend is involved in the fraudulent purchases and the cardholder isn't willing to sign an affidavit on the crime, Van Dyke says.
Regardless of the different ways in which consumers ultimately end up paying out of pocket because of card fraud, the card brands should make consumers aware of how far network and federal protections really go, says Mark Horwedel, CEO of the Merchant Advisory Group.
In addition, the advisory group says merchants and their customers would be far safer if card brands and issuers were on the same page in insisting on chip-and-PIN technology, rather than chip-and-signature, when EMV smart card use begins in the U.S.
"The Merchant Advisory Group and its members continue to plead the case for PIN versus signature," Horwedel says. "I believe our collective efforts are slowly gaining traction despite the fact that merchants continue to have little real control over what happens with payment card rules and policies."
Mike Urban, director of financial crimes risk management for Fiserv Inc., says merchants push for chip-and-PIN because a PIN provides better protection than just a signature.
"But there is a push [by some networks] to keep chip-and-signature as an option," Urban adds. "My problem with that is in the case of lost or stolen cards, the criminal who has a signature card and can still use it. With a PIN card, he can't use it without the PIN."
Though merchants resist the costs of accepting chip-and-PIN transactions, Horwedel says they will face higher costs if they choose a lesser form of security.
"A migration to chip without PIN will be costly to merchants because it will do nothing to reduce lost and stolen card fraud," he says.
Despite the rhetoric from merchants or industry observers, and the reality of consumer costs related to fraud, the debate on PIN vs. signature rests purely on issuer incentive, Van Dyke says.
"PIN transactions are less profitable for providers," Van Dyke says. "Regulators are expressing concern because they say the market is not aligned on this process."