Contrary to rampant misconception, we have not adopted the more secure chip and PIN payment standard in the United States that could address the rapid rise in online fraud.
Leading up to last year’s long-awaited transition to chip-enabled credit cards, issuers across the country pledged to manufacture and distribute new chip-enabled credit and debit cards to their customers. Businesses both large and small were subsequently responsible for upgrading their payment terminals to accept these new cards.
Against the backdrop of the ongoing battle between the financial industry — who argued that retailers are not upgrading their terminals fast enough — and retailers — who argued that credit card companies set unreasonable deadlines to make those upgrades — are the consumers, who, at the end of the day are most affected by financial fraud.
Consumers are consistently promised that their safety and security is the No. 1 priority of credit-card companies, yet the debacle that has been the rollout of these new cards proves otherwise.
While chip-enabled cards are an improvement from the arcane swipe-and-signature model we’ve grown accustomed to, it does not eliminate the risk of when a thief gets their hands on our wallet or pocketbook. Worse, it does nothing to secure online transactions.
The embedded microchip is helpful in reducing the risk of “skimming,” or cloning our financial information, which was a simple task when that information was stored on the old magnetic stripe. But anyone who is able to obtain your card and uses it at a cash register can easily forge your signature, rendering the chip useless.
This scenario has given rise to a continuing dialogue around chip and signature cards versus the safer, more advanced technology, chip and PIN. The latter involves both the microchip as well as a numeric code for authentication, similar to that of our ATM cards. This improved two-prong system eliminates the need for a signature, which can be easily forged, and therefore reduces the threat of a fraudulent in-person transaction. Without knowing the PIN, the stolen card is useless.
More important, we could extend those protections even further if we have more robust mechanisms available for consumers securely to use their PINs during online transactions. The technology is out there, it is just not widely used. The ability of chip and PIN to address online fraud cannot be overstated, especially as fraud in this arena is expected to be the new scourge plaguing consumers and businesses in the years to come.
While it is a relatively simple distinction — one standard involves a signature, and one involves a PIN — the reporting on this distinction is greatly misleading.
Time after time, news articles and some industry experts have failed to make that distinction. Many have gone so far as to say that card issuers deployed chip and PIN cards, a factually inaccurate claim. We don’t have chip and PIN cards in the United States. Card issuers have insisted on deploying the more fallible chip and signature standard instead.
Last fall, even a Chase credit-card representative wrongly tweeted that they’d be issuing chip and PIN credit cards. The tweet was later retracted — a “mistake,” according to a company representative.
These stories and announcements are troubling for consumers who have spent the last several years exceedingly more concerned about their financial security. Not only are they being misinformed, they also have not been properly informed about the distinction between chip and signature versus chip and PIN.
So I want to set the record straight. The banks and credit-card companies still need to take consumers’ financial security more seriously by adopting the best payment safeguards available to us now. And the best payment safeguard for consumers is most definitely chip and PIN.
Debra Berlyn is president of Consumer Policy Solutions and leader of Protect My Data. She wrote this for InsideSources.com.