EMV Chip & PIN: Banks locked front doors but left the back wide open

Posted by Jayme Moss on Jan 21, 2016 10:59:18 AM


bigstock-Security--disguised-burglar-b-45724504.jpgWe are in the midst of a revolution in how consumers are checking out at POS terminals. We discussed last week in an article entitled "The EMV Reality is Sinking In" how there is a general confusion at card terminals across the US by both clerks and consumers, whether the POS system is both capable and enabled to accept EMV cards. This week, we take the discussion a step further and present the confusion banks have caused by issuing PIN & Signature cards in the US, rather than the more secure and globally used PIN & Chip cards.

For starters, some education: the EMV chip cards issued in the US, triggered by the need for greater security, global payment standards, and the chargeback liability shift of October 2015, were by and large of the Chip & Signature variety. That is to say, the card can be inserted into EMV capable terminals and they require a signature.  The EMV chip cards in use for many years now in Europe and Canada, however, are of the Chip & PIN technology, meaning they require not a signature, but a PIN (not unlike the PIN you use on a debit card).

The chip & PIN variety is widely viewed as more secure.  In fact, a Federal Reserve study claims using a PIN can make a transaction up to 700 percent more secure. For this reason, in October of 2015, just 2 weeks after the chargeback liability shift, the FBI issued the following statement: "When using the EMV card at a POS (point-of-sale) terminal, consumers should use the PIN, instead of a signature, to verify the transaction. This fully utilizes the security features built within the EMV card." The problem with this warning is that the majority of US cards issued by US banks are not PIN enabled, and not all EMV terminals are PIN enabled.

(On a side note, this FBI warning has been redacted and revised to remove the PIN warning, succumbing to the uproar by banks and the confusion it caused retailers and consumers).

EMV Chip & Signature cards are a major step in the right direction for payment security. But did banks drop the ball by not issuing the much more secure Chip & PIN cards? The National Retail Federation 's Senior Vice President and General Counsel Mallory Duncan thinks so, as quoted in this article:

"Retailers are determined to protect their customers," Duncan added. "That's why we are pushing the banks to use all of the security the new cards are capable of providing, not just half. They shouldn't lock the front door but leave the back door wide open."

Banks counter this by arguing that chip cards without PINs should address about 40 percent of the credit and debit card fraud in the US. Adding PINs would indeed be an extra layer of protection, banks say, but they predict that only perhaps 10 to 15 percent more card fraud could be prevented with PINs.

For now, US consumers are still figuring out EMV with the Chip & Signature, and it's causing enough confusion.  It's been speculated that the banks felt educating US card users on EMV was enough, and perhaps adding a PIN to the equation would break us. They even have gone so far as to say it would be too difficult for the US population to remember a 4 digit pin, as stated in a Wall Street Journal acrticle. Yet, most of us have no problem remembering our 4 digit PIN for our ATM cards, or garage codes for that matter!  Let’s face it… the banks continue to lobby the card companies for program changes (like higher interchange) and to be lax insecurity -  as in this case when it may increase the amount of education and support they may have to provide their cardholders…

Have you downloaded our EMV Guide yet?  If not, we invite you to do so now:

Download our EMV eGuide

 

Topics: EMV

POPULAR POSTS