While banks and credit card companies took a step in the right direction by replacing the fraud-prone magnetic stripe cards of the past with chip-equipped cards, they made many missteps that complicated and weakened the EMV transition.
The most egregious of which has been their insistence on issuing new chip cards with signatures – useless, illegible scribbles – instead of numeric PINs which are universally recognized as more secure. As a result, American consumers are still left vulnerable to common forms of credit card fraud.
From on the onset, understaffing, unrealistic deadlines, and a lack of resources hampered the EMV transition as many businesses were left unable to get the necessary new payment terminals ready for use before the liability shift deadline. But even after all that trouble, American consumers are left with only a modicum of improved credit card security.
Instead of relying on signatures, the two-pronged approach of coupling chip cards with PINs would make tampering, counterfeiting, and using lost/stolen cards or stolen financial data nearly impossible.
Should a thief attempt to use a stolen chip and PIN card for an in-store purchase, it would be useless without knowing the PIN. What’s more, we could extend these protections even further if more mechanisms were made available for consumers to securely use their PINs for online purchases.
We had hoped the nation’s banks and credit companies would have deployed the more secure chip and PIN cards in the U.S. years ago just as they did in so many countries around the world. Unfortunately, our calls, along with those from other consumer advocates and security experts, have all failed to compel credit card issuers to act in the best interests of consumers.
It's no surprise then that major retailers are taking legal action in the hope that it spurs credit card companies to deploy chip and PIN cards. Where public outcry has failed, perhaps legal pressure will finally work.