Until, of course, they were faced with the trade-off, which pits more security against loss of speed and convenience. Enhanced security comes at the price of increased cost to the issuers who have to invest in new terminals, more expensive cards and more people to monitor the system.
The banks are installing chips that make hacking and theft more difficult, but are not taking the next step of going to a PIN-based rather than password system.
Really safe cards would require a PIN rather than a password. Since most people find passwords easier to remember than PINs, there would be a greater chance of cancelled transactions due to card holders forgetting their PIN.
This decision pits the card issuing banks against the merchants and insurers who apparently have to bear the brunt of the stolen card cost. The banks claim they dont want to overburden consumers with a complex new system. Anyone who has had to replace their card due to theft will probably acknowledge that remembering four numbers is probably preferable to that.
Demand may eventually lead to the most secure approach. Start holding your breath now. JL
Robin Sidel reports in the Wall Street Journal:
“There is a lot of concern that PINs would create customer-service issues for consumers and merchants if a consumer can’t complete a transaction because they have forgotten the PIN."
Big U.S. banks are steering clear of an advanced security measure used in credit cards around the world, opting for a system that is more convenient for shoppers but may leave them vulnerable to fraud.
This year, firms ranging from J.P. Morgan Chase & Co. to Discover Financial Services Inc. are expected to roll out more than a half-billion new credit cards embedded with computer chips that create a unique code for each transaction, making counterfeiting much more difficult.
In a retreat for the industry, however, the new cards don’t use some technology that could prevent fraud if a card is lost or stolen.
Instead of requiring customers to put in a personal identification number, or PIN, the new cards need users to authenticate credit-card transactions the same way they often do now, with a signature. PINs are widely considered to be more secure than signatures, which can be easily copied.
The more advanced “chip-and-PIN” technology has been adopted in Europe, Australia and Canada. The U.S. is one of the few developed countries not to embrace it.
U.S. bank executives said they are choosing the signature version so customers won’t be burdened at the checkout line to remember a new four-digit code.
Chip-and-signature cards “are such a big shift that we didn’t want to make it more difficult than it already will be” by requiring a PIN, said Jon Krauss, senior manager for card payment strategy at Discover. The Riverwoods, Ill.-based card company will be issuing signature-based chip credit cards in 2015.
Chip-based cards must be inserted into the bottom of the cash-register terminal instead of swiped. Consumers have to leave the card in the terminal until they sign for the purchase.
J.P. Morgan Chase, the nation’s biggest card issuer, had initially planned to issue chip-and-PIN credit cards in 2014, but the bank put those plans on hold after testing them with consumers, according to a person familiar with the bank’s strategy. The bank has issued millions of chip-and-signature cards.
Other big banks opting for the chip-and-signature cards include Bank of America Corp. and Citigroup Inc.
The push for the new cards in the U.S. comes as financial institutions are reeling from a recent rash of costly data breaches at big merchants like Home Depot Inc., Staples Inc. and International Dairy Queen Inc. Industry observers said many of those attacks wouldn’t have happened if consumers used chip cards and merchants had technology in place to accept them.
Financial institutions are motivated to bolster security, as they are typically on the hook for unauthorized transactions. That will change in October when merchants who don’t have the upgraded technology to accommodate chip cards will be responsible for the cost of any fraud that occurs when one of the cards is used.
Consumers don’t usually bear the financial cost of fraud but are usually required to provide paperwork denying they made the purchase.
U.S. lenders are expected to issue more than 575 million chip cards by the end of 2015, according to an industry-group projection. That would be roughly half of the one billion cards in circulation in the U.S.
Most of the banks are issuing the new chip-based cards as old ones expire, although consumers can often request a chip card before that.
Other groups are pushing for cards with the added layer of security provided by PINs. Target Corp. , which was rocked by a data breach at the end of 2013, is one of the few merchants whose customers are getting store-branded credit and debit cards with the PIN technology.
In October, President Barack Obama issued an executive order to replace government-issued cards, such as those that contain Social Security benefits, with new ones featuring chip-and-PIN technology starting on Jan. 1.
Even without requiring PINs, the chip-based cards significantly reduce the chance that stolen card data can be used to make counterfeit cards, essentially making the data useless to thieves. Counterfeiting is the biggest risk of large-scale cyberattacks like the ones on Home Depot and Target.
U.S. credit-card-fraud losses totaled roughly $18 billion in 2013, according to Javelin Strategy & Research, a consulting firm that is a unit of Greenwich Associates. About a third of those losses are attributed to counterfeit cards, according to consulting firm Aite Group.
The PIN system is only a defense for point-of-sale purchases and doesn’t provide additional protection for online sales.
The decision whether to issue cards that require a PIN or a signature “is a very strong debate” in the industry,” said Martin Ferenczi, president of North American operations for Paris-based Oberthur Technologies, one of several card manufacturers that is being swamped with orders for chip cards.
Merchants are also scrambling to install new technology at the cash register to accept the cards, spending billions of dollars on upgrades. A payment-industry group estimates that roughly half of U.S. merchant terminals will be ready to accept the new chip cards by the end of 2015, representing 80% of U.S. purchases.The new chip cards also contain the old-fashioned magnetic stripe to accommodate merchants who don’t have the new technology.
“There is a lot of concern that PINs would create customer-service issues for consumers and merchants if a consumer can’t complete a transaction because they have forgotten the PIN,” said Randy Vanderhoof, executive director of the Smart Card Alliance, an industry group representing banks and credit-card companies.
But Merrill Halpern, assistant vice president of card services at United Nations Federal Credit Union, said the potential inconvenience isn’t a good enough reason to choose signatures over PINs. The credit union, based in Long Island City, N.Y., is one of the few credit-card companies that issues chip-and-PIN cards.
“We should be doing the most we can to fight fraud, and the only way to send that message is to stand clearly behind chip-and-PIN,” he said. The credit union has 100,000 credit-card customers, with about 40% of them living in the U.S.
The decision to issue signature cards instead of PINs is creating more tension in the already-fractious relationship between credit-card issuers and merchants, who have long fought over fees and other issues.
“It is absolutely a concern, and we believe [the new cards] are a half-measure,” said Andrew Szente, vice president of government affairs at the Retail Industry Leaders Association, a Washington, D.C.-based trade group. Banks, on the other hand, said many merchants don’t have pin pads to accomodate the technology.
0 comments:
Post a Comment