Chip/PIN: Best near-term solution
A recent piece in The Hill’s Congress Blog missed some important points on the security benefits that chip and PIN technology provides. While I agree with the author’s view that there is no silver bullet for preventing all credit card fraud, chip and PIN is the best available near-term solution to protect American consumers from common credit card abuses.
This is important because U.S. credit card companies are now in the process of converting over to chip and signature cards, requiring merchants to invest in new point-of-sale terminals. The problem is that the signature verification that remains with these new credit cards represents a 1970’s technology, whereas chip and PIN cards would be a much better option, at least for now. If this credit card conversion is to take place, why not use a better solution?
{mosads}No one argues that fighting fraud and data breaches will take a long-term, comprehensive approach. Private and government institutions need to improve their cybersecurity capabilities to protect sensitive data, but we also need better security measures downstream at the point-of-sale like chip and PIN technology to thwart criminals who try to use stolen financial information.
It’s difficult to argue that one layer of security is better than two layers. Would you prefer one lock on your front door or two? The answer for many is two.
As such, PINs are a critical security component that cannot be dismissed. One need not look further for evidence of this than the fact that hundreds of millions of retail bank accounts in the U.S. require PIN numbers to conduct transactions. Surely, if financial institutions believe PINs are secure enough to protect American bank accounts, they should agree to couple them with chip-equipped cards to ensure credit transactions are more secure.
But even without chip-equipped cards, PINs still provide a distinct security fail-safe. Had PINs been required on existing magnetic stripe cards, they would have hindered the ability to monetize the credit card numbers stolen from data breaches like the one at Target. The PIN requirement would have been insurmountable, making the stolen credit card numbers less valuable.
The author’s arguments that some criminals will adapt their tactics to circumvent the protections chip and PIN provides or refocus their efforts to commit fraud online are valid. However, they fail to recognize that criminals would have to resort to these actions because chip and PIN technology would dramatically reduce in-store credit card fraud. Sales at brick-and-mortar locations still constitute a majority of the retail market – over $4 trillion in sales by recent estimates – so improving in-store transactions is not insignificant.
Certainly, the nature of the threat may evolve, as it did in European countries, but that is a testament to the effectiveness of chip and PIN.
What’s more, the often-repeated argument that fraud will migrate online if we adopt chip and PIN neglects a much needed conversation about how we can implement PIN authentication mechanisms for online transactions. The technology behind secure online PIN authentication methods has been around for years and some retailers have already adopted it to prevent online fraud. So why aren’t the nation’s card issuers exploring this technology to complement their chip-equipped cards?
While tokenization may better combat fraud, we are years away from wide scale implementation that would make it most effective. Therefore, instead of rushing to issue chip-equipped cards with the same-old fallible signature requirements, card issuers should use this opportunity to implement a broader improvement in form of chip and PIN. They should advance U.S. credit card security by, at least, updating us into the last decade, rather than relying on 1970’s signature requirements.
And let’s get real – the threat of someone deciphering my PIN at an ATM and then pickpocketing my card, as the author suggested, is less likely and more difficult than someone simply forging my signature.
Clearly, the U.S. faces a complex and never-ending challenge to curb fraud, but denying that requiring a PIN will help is absurd. All G20 nations, except the U.S., use them for a reason, while we remain more vulnerable to credit card fraud.
The author was right about there being no silver bullet, and that chip and PIN is not a cure-all for fraud, but it is a superior solution to the one that the financial industry is currently moving to this year – chip and signature. Issuing chip-equipped cards is a step forward, but getting serious about requiring PINs on those cards is another. Both must be done in tandem.
Pociask is president of the American Consumer Institute, a nonprofit educational and research organization. For more information about the Institute, visit www.theamericanconsumer.org or follow us on twitter at @consumerpal.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..