A new assault on the major card brands over debit transaction routing got a boost this week when Home Depot sued Visa and MasterCard, alleging the card brands are pushing for the more expensive signature debit routing.
Home Depot's legal action comes a month after Walmart swung this door open with its lawsuit against Visa, alleging the card brand was forcing the retailer to route signature debit transactions to Visa when a cardholder was opting not to use a PIN. Walmart's stance has been to deny those transactions, putting more emphasis on use of a PIN.
Home Depot is targeting both Visa and MasterCard on a similar issue, alleging collusion among the major card brands and claiming the networks are violating the Durbin amendment mandate that calls for merchants to have network choices for routing. Among those choices, the independent PIN debit networks in most cases is less expensive. The lawsuit was filed in the U.S. District Court in Atlanta, where Home Depot is based, the Atlanta Journal Constitution reported June 14.
Home Depot has been in the payment technology spotlight in the past, suffering its own significant data breach in 2014 and finding itself in litigation with financial institutions across the country seeking answers to how payment credentials for an estimated 56 million Home Depot customers were compromised. That breach, in fact, pushed Home Depot to be one of the first major retailers to add EMV chip-based technology to its terminal network.
The giant home improvement retailer also flirted with PayPal in the past for in-store PayPal transaction acceptance in 2012 in tests in which PayPal account holders could pay for transactions with a PayPal plastic card or through use of a phone number and a PIN.
At that time, Home Depot defended PayPal's security measures after they came under fire from card brand executives a month after the testing with PayPal began in Home Depot stores.
Expansion of PayPal acceptance in-store did not occur within the Home Depot chain, nor did PayPal advance or promote the concept to other retailers in the following years.
But the PIN debate has overshadowed most other contentious technology arguments since the card brands revealed their EMV liability shift timeline in 2011, which included the October 2015 date that made the party with the weakest security technology liable for fraud.
In its 138-page lawsuit, Home Depot makes claims similar to what various merchant groups have stated against the use of signature with EMV transactions, while seeking PIN for debit and, eventually, credit card transactions in the U.S. to get the full security value of their investment in chip-card technology that thwarts counterfeit fraud.
"For years, Visa and MasterCard have been more concerned with protecting their own inflated profits and their dominant market positions than with the security of payment cards used by American consumers and the health of the United States economy," Home Depot states in the suit.
The retailer also points out that about 80 nations use cards with chips, and most of them — including England, France and Australia — also require a PIN rather than a signature.
"Such cards offer an extra layer of security beyond the chip itself, by requiring the user to enter a four-digit PIN, thereby ensuring that the individual using the card is the card's owner," Home Depot said. "Signatures can be copied or forged, and cashiers are not handwriting experts trained to identify forged signatures."
On another front, the Merchant Advisory Group is asking the Federal Financial Institution Examination Council to investigate whether debit card issuers are violating Durbin amendment routing rules, essentially by not providing a PIN debit network option.
But the message in all of these instances is the same — many debit signature transactions, which merchants view as less secure, are moving to the major networks rather than to less expensive independent PIN debit networks that are capable of processing signature transactions as well.
"There is nothing new [to say about legal tussles over PIN]," said Mark Horwedel, CEO of the Merchant Advisory Group. "But Home Depot comes as no surprise and is predictable in light of how poorly U.S. merchants have been treated by the card networks."
Visa and MasterCard do not respond to specifics in legal cases, but in the past executives at both companies have pointed to consumer choice as their guiding measurement on whether signature or PIN are the best options in a retail setting. However, in the past, MasterCard has clearly been more receptive to PIN authorization, whereas Visa has more consistently felt signature authorization represented a less expensive upgrade option for its merchants and would not disrupt cardholder habit at the same time they were being educated to dip EMV cards into a reader rather than swiping with mag-stripe.
While MasterCard continues to review the lawsuit, spokesman Seth Eisen noted that "this is not a surprise," citing Home Depot dropping out of the 2012 merchant swipe fee settlement. "We expected this procedural step," Eisen said.
MasterCard leaves the decision on how to verify the cardholder identity -- PIN or signature -- up to the merchant and the issuer, Eisen added.
"Regardless of how the cardholder's identity is confirmed, the chip makes data much more secure, rendering it almost useless to create fraudulent cards or transactions," Eisen said.
In a recent Visa blog, Stephanie Ericksen, vice president of risk products for Visa, noted the card brand is "aware that some merchants are requiring cardholders to enter a PIN for purchases made with their Visa debit card."
But Visa wants that decision of whether to sign a receipt, enter a PIN, or tap a fingerprint on a mobile phone "to remain with the cardholder, as it always has," Ericksen wrote. "And nine of 10 Visa debit cardholders agree," she added.
All of these new legal tussles unfold at a time when banks are pursuing an end to the Durbin amendment fee caps and routing mandates, while merchants want those cost and anti-trust measures to remain in place.