The FBI recently published an online PSA warning consumers about vulnerabilities in the new chip-based credit cards, but this message has since been removed due to push-back from banks.
The alert suggested the need to implement the use of a PIN to complete a purchase instead of a customer’s signature. The idea of using a PIN instead of a consumer’s signature has been a heated debate among major retailers, who are in favor of PIN implementation, and major credit card companies, who are in favor of signatures.
The American Bankers Association contacted the FBI requesting the PSA be revised and taken down, helping to ‘reduce confusion over the use of PINs with chip cards.’
According to Doug Johnson, the Senior Vice President of Payments & Cybersecurity Policy at ABA, “We saw the PSA yesterday and spoke to the FBI after we saw it and thought it was not really reflective of the U.S. marketplace and through there would have been some level of confusion with the use of PIN.”
Of all the major credit card providers, Visa is notoriously known for supporting consumers providing a signature instead of a PIN to secure a payment with the new chip cards. The National Retail Federation and the Merchant Advisory Group, however, are supportive of the use of a PIN with the new chip-based credit cards to advance security.
According to Brian Dodge, executive vice president of the National Retailers Association, “Retailers have long argued that PINS are essential to providing cardholders with the security that they deserve.”
The purpose of the chip-enabled cards is to help prevent counterfeit fraud from plaguing the retail industry. When thieves steal credit card credentials from merchants’ computer servers, they have the ability to manufacture fake cards with the stolen 16-digit numbers and the four digit expiration dates. With the new chip-based cards, a unique code is used with each transaction, making it difficult for thieves to steal card numbers.
Nonetheless, a stolen or misplaced credit card could still be fraudulently used for in-store, online or by phone purchase, an incident that retailers believe the use of PINs will help prevent. Retailers nationwide emphasize that their investments in new terminals to support chip-enabled cards should be accompanied by an inclination from banks & credit card providers to support PIN enablement.
When asked to respond to retailers favoring the use of PINs, Johnson said, “Their push for PIN is really an effort politically to change the conversation. If we didn’t have security breaches at retailers, to begin with, we wouldn’t have compromised systems. If there was an appropriate effort on data security on the retailer side, we wouldn’t have this conversation.”
Read the Full Article on CIO Magazine here
Read more on PCI DSS Compliance