Big US banks are steering clear of an advanced security measure used in credit cards around the world, opting for a system that is more convenient for shoppers but may leave them vulnerable to fraud.
expected to roll out more than a half-billion new credit cards embedded with computer chips that create a unique code for each transaction, making counterfeiting much more difficult.
In a retreat for the industry, however, the new cards don’t use some technology that could prevent fraud if a card is lost or stolen.
Instead of requiring customers to put in a PIN, the new cards need users to authenticate credit-card transactions the same way they often do now, with a signature. PINs are widely considered to be more secure than signatures, which can be easily copied – reports WSJ.
US bank executives said they are choosing the signature version so customers won’t be burdened at the checkout line to remember a new four-digit code.
Chip-and-signature cards “are such a big shift that we didn’t want to make it more difficult than it already will be” by requiring a PIN, says Jon Krauss, senior manager for card payment strategy at Discover – who will be issuing signature-based chip credit cards in 2015.
J.P. Morgan Chase, the US’s biggest card issuer, had initially planned to issue chip-and-PIN credit cards in 2014, but the bank put those plans on hold after testing them with consumers, according to a person familiar with the bank’s strategy. The bank has issued millions of chip-and-signature cards.
The push for the new cards in the US comes as financial institutions are reeling from a recent rash of costly data breaches at big merchants like Home Depot, Staples and International Dairy Queen. Industry observers said many of those attacks wouldn’t have happened if consumers used chip cards and merchants had technology in place to accept them.
Financial institutions are motivated to bolster security, as they are typically on the hook for unauthorized transactions. That will change in October when merchants who don’t have the upgraded technology to accommodate chip cards will be responsible for the cost of any fraud that occurs when one of the cards is used.
Consumers don’t usually bear the financial cost of fraud but are usually required to provide paperwork denying they made the purchase.
US lenders are expected to issue more than 575 million chip cards by the end of 2015, according to an industry-group projection. That would be roughly half of the 1 billion cards in circulation in the US.
Most of the banks are issuing the new chip-based cards as old ones expire, although consumers can often request a chip card before that.
Other groups are pushing for cards with the added layer of security provided by PINs. Target, which was rocked by a data breach at the end of 2013, is one of the few merchants whose customers are getting store-branded credit and debit cards with the PIN technology.
In October, President Barack Obama issued an executive order to replace government-issued cards, such as those that contain Social Security benefits, with new ones featuring chip-and-PIN technology starting on Jan. 1.
Even without requiring PINs, the chip-based cards significantly reduce the chance that stolen card data can be used to make counterfeit cards, essentially making the data useless to thieves. Counterfeiting is the biggest risk of large-scale cyberattacks like the ones on Home Depot and Target.
US credit-card-fraud losses totalled roughly $18 billion in 2013, according to Javelin Strategy & Research. About a third of those losses are attributed to counterfeit cards, according to consulting firm Aite Group.
The PIN system is only a defense for point-of-sale purchases and doesn’t provide additional protection for online sales.
The decision whether to issue cards that require a PIN or a signature “is a very strong debate” in the industry,” said Martin Ferenczi, president of North American operations for Paris-based Oberthur Technologies, one of several card manufacturers that is being swamped with orders for chip cards.
Merchants are also scrambling to install new technology at the cash register to accept the cards, spending billions of dollars on upgrades. A payment-industry group estimates that roughly half of US merchant terminals will be ready to accept the new chip cards by the end of 2015, representing 80% of US purchases.
The new chip cards also contain the old-fashioned magnetic stripe to accommodate merchants who don’t have the new technology.
“There is a lot of concern that PINs would create customer-service issues for consumers and merchants if a consumer can’t complete a transaction because they have forgotten the PIN,” said Randy Vanderhoof, executive director of the Smart Card Alliance, an industry group representing banks and credit-card companies.
But Merrill Halpern, assistant vice president of card services at United Nations Federal Credit Union, said the potential inconvenience isn’t a good enough reason to choose signatures over PINs. The credit union is one of the few credit-card companies that issues chip-and-PIN cards.
“We should be doing the most we can to fight fraud, and the only way to send that message is to stand clearly behind chip-and-PIN,” he said. The credit union has 100,000 credit-card customers, with about 40% of them living in the US.
The decision to issue signature cards instead of PINs is creating more tension in the already-fractious relationship between credit-card issuers and merchants, who have long fought over fees and other issues.
“It is absolutely a concern, and we believe [the new cards] are a half-measure,” said Andrew Szente, vice president of government affairs at the Retail Industry Leaders Association, a Washington, D.C.-based trade group. Banks, on the other hand, said many merchants don’t have PIN pads to accommodate the technology.
The post US cards will fall short on fraud as issuers shun PIN appeared first on Payments Cards & Mobile.