Device Hardening and Continuous Compliance Monitoring CONTINUOUS COMPLIANCE

The FBI recently published an online PSA warning consumers about vulnerabilities in the new chip-based credit cards, but this message has since been removed due to push-back from banks.

The alert suggested the need to implement the use of a PIN to complete a purchase instead of a customer’s signature. The idea of using a PIN instead of a consumer’s signature has been a heated debate among major retailers, who are in favor of PIN implementation, and major credit card companies, who are in favor of signatures.

The American Bankers Association contacted the FBI requesting the PSA be revised and taken down, helping to ‘reduce confusion over the use of PINs with chip cards.’

According to Doug Johnson, the Senior Vice President of Payments & Cybersecurity Policy at ABA, “We saw the PSA yesterday and spoke to the FBI after we saw it and thought it was not really reflective of the U.S. marketplace and through there would have been some level of confusion with the use of PIN.”

Of all the major credit card providers, Visa is notoriously known for supporting consumers providing a signature instead of a PIN to secure a payment with the new chip cards. The National Retail Federation and the Merchant Advisory Group, however, are supportive of the use of a PIN with the new chip-based credit cards to advance security.

According to Brian Dodge, executive vice president of the National Retailers Association, “Retailers have long argued that PINS are essential to providing cardholders with the security that they deserve.”

The purpose of the chip-enabled cards is to help prevent counterfeit fraud from plaguing the retail industry. When thieves steal credit card credentials from merchants’ computer servers, they have the ability to manufacture fake cards with the stolen 16-digit numbers and the four digit expiration dates. With the new chip-based cards, a unique code is used with each transaction, making it difficult for thieves to steal card numbers.

Nonetheless, a stolen or misplaced credit card could still be fraudulently used for in store, online or by phone purchase, an incident that retailers believe the use of PINs will help prevent. Retailers nationwide emphasize that their investments in new terminals to support chip-enabled cards should be accompanied by an inclination from banks & credit card providers to support PIN enablement.

When asked to respond to retailers favoring the use of PINs, Johnson said, “Their push for PIN is really an effort politically to change the conversation. If we didn’t have security breaches at retailers to begin with, we wouldn’t have compromised systems. If there was an appropriate effort on data security on the retailer side, we wouldn’t have this conversation.”

 

Read the Full Article on CIO Magazine here

Read more on PCI DSS Compliance

Learn more about Change Tracker Gen7

 

Share this blog post

Products
USA Offices
New Net Technologies Ltd
Naples
9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email USinfo@nntws.com
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email info@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.

Sign up to the NNT newsletter