More than six months after the touted October 1st liability shift, where retailers began assuming financial responsibility for debit and credit card fraud, the debate on credit card security persists in the halls of Congress, government agencies, and in the opinion pages.
Before the liability shift deadline, credit card companies began issuing new chip-enabled credit cards (also known as EMV cards) to their customers, while retailers were responsible for upgrading their point-of-sale terminals to accept the new cards. Since then, the debate between retailers and card issuers has grown more intense. Retailers argue that credit card companies set unrealistic deadlines and provided a poor roadmap for retailers to become EMV compliant, but card issuers argue that some retailers waited too long to upgrade terminals.
{mosads}While who bears the liability of fraud is of little concern for most consumers, as long as they are not liable, the crux of this ongoing battle should be a major concern for all Americans. There is a profound difference between the cards being issued in the U.S., compared with those used in the U.K., Canada, Australia, and Europe. These EMV cards have a two-prong security system: a microchip is embedded in the card to address counterfeit fraud and each card is outfitted with a unique PIN to authenticate the transaction in order to combat common forms of fraud.
While financial institutions have taken a step in the right direction by replacing the fraud-prone magnetic stripe cards we are accustomed to with chip-equipped cards, they’re still relying on signatures – not PINs – as a secondary method to ensure transactions are legitimate. They incorrectly believe that requiring a PIN for credit card transactions could burden consumers who may have difficulty remembering another passcode – a baseless argument that does not give Americans enough credit. Consumers are perfectly capable of remembering a PIN, particularly if it is the best protection available for their finances.
For some time, I have advocated for the implementation of chip and PIN here in the U.S. The microchip coupled with the individual PIN make tampering and counterfeiting the cards, along with using stolen financial data, nearly impossible. Should a thief attempt to use a stolen chip and PIN card for an in-store purchase, it would be useless without knowledge of the PIN. Furthermore, we could extend these protections even further if we had more robust mechanisms available for consumers to securely use their PINs during online transactions. The technology is out there, it is just not widely used.
Chip and PIN not only helps reduce fraud, but it also reduces the incentives to perpetrate data breaches in the first place. It diminishes the value of the data that could be stolen, because the chip and PIN cards’ two-pronged security measures make it more difficult, if not possible, for thieves to actually use or sell stolen consumer credit card data.
But don’t just take my word for it. Last week, the Chairman and CEO of one of the largest credit card companies in the country – David Nelms of Discover – signaled a willingness to embrace chip and PIN technology by stating, “I think we may be missing an opportunity to go to the higher level of security with EMV, which is how chip cards are handled in the rest of the world and what merchants in other countries expect when they see a U.S.-issued EMV card.”
That’s exactly right.
Chip and PIN cards have contributed to dramatic reductions in fraud wherever they have been implemented abroad. Despite the overwhelming body of evidence that demonstrates its effectiveness, the financial services industry has thus far been unwilling to deploy these security measures in the U.S.
In order to better educate lawmakers, their staff, and the public, Protect My Data – a consumer education campaign I launched last year – is hosting a panel discussion today on the Hill to explore the progress the payments industry and retailers have made implementing chip-enabled cards and terminals, the merits or drawbacks of using chip-equipped cards with signatures compared to chip and PIN cards, and to learn more about the ways Congress and the White House are working to protect Americans from credit card fraud.
So, even if most of the major credit card companies and banks have thus far been unwilling to provide consumers the more secure chip and PIN cards, I hope we can have a complete and open discussion today about where things stand and what more we could do to protect the public from the scourge of fraud.
Debra Berlyn is President of Consumer Policy Solutions and leader of Protect My Data