A Chip Without a PIN Is Asking for Fraud
The U.S. might be ahead of the rest of the world in some areas of security, but when it comes to protecting against credit card fraud, we’re way behind.
Over half of the credit card fraud in the world takes place right here in the U.S., according to Barclays – and our outdated credit card technology has made that rating possible, giving the hackers free rein. In less than a month, on October 1, that situation is supposed to change, and in order to make the change real, we need to opt for chip and PIN over chip and signature.
On October 1, banks and merchants should have transitioned from the current magnetic stripe credit cards to chip-enabled, or EMV, cards. On this date, liability for credit card fraud will fall to whichever party – bank or merchant – has the less advanced technology (read that, not chip-enabled). While chip technology isn’t the ultimate solution for securing credit cards, it’s the choice that both the private sector and the Administration have made – and it will make payments more secure than they are today.
So why, when security is the aim, would we even consider chip and signature and not opt for the more secure chip and PIN? With chip and signature, cards include a microchip, but users are asked only for a signature upon presentation of the card. That’s pretty easy to get around. With Chip and PIN, on the other hand, individuals set a PIN that only they will know, making in-person transactions much more difficult for fraudsters.
A new survey on EMV readiness finds that 66%of large businesses believe Chip and PIN should be required because Chip and Signature does not offer ample security. Yet many of the cards appearing in consumers’ mailboxes are Chip and Signature, not Chip and PIN.
One reason banks offer for this choice is the presumed difficulty of remembering another PIN. Are we to think that Americans are not quite as capable as the British, Dutch or Canadians – all of whom managed to figure out a way to make the more secure chip and PIN work? And the multiple PIN issue is not unique to credit cards. It’s an issue throughout the digital world – one that tech companies, government-sponsored groups and others are addressing, so there’s reason to believe it won’t always be a problem. Why should we opt for a less secure payment system when technology could soon eliminate, or greatly reduce, the hassle of multiple PINs.
Ultimately, we need, by today’s standards, a combination of chip and PIN, no mag stripe and point-to-point encryption or tokenization to protect information as it passes through the processing system. That will be expensive, but how does it compare with $10 to $12 billion in fraud costs this year – and growing every year we delay?
It’s in consumers’ and all of our interests to do what we can right now, and that’s to get on with the transition to chip and PIN. Otherwise the U.S. – and that means U.S. consumers – will continue to lead the world in an area nobody wants to distinguish themselves in: credit card fraud.
Dick Mitchell is solutions director for Randstad Technologies.