As pressure mounts on card issuers to offer chip-and-PIN cards, why are so many banks clinging to signatures? Recently, 9 attorneys general sent a letter to the big card issuers (including Discover Financial Services, Bank of America, Capital One, Citigroup, American Express and JPMorgan Chase), Visa and MasterCard, demanding they support the use of PINs. While the letter did contain some misinformation (hacking, data breaches and identity theft are not affected by switching from chip and signature to chip and PIN), the overall point – that card issuers should do their utmost to secure card payments by requiring chip and PIN. Requiring PINs on every transaction would make it much harder for fraudsters to use lost and stolen chip cards; they would have to know or guess the PIN for the payment to go through.
Large retailers are also pushing banks to support PINs. Retailers can get a lower interchange rate on PIN transactions, and they perceive them to be more secure. (However, some retailers balk at the idea of requiring PINs for credit cards, especially during the busy holiday season when lines are already long.)
U.S. banks that don’t offer 4-digit PIN codes make “a big, big, big mistake,” said Mehmet Sezgin, head of global payment systems at BBVA. “Chip and PIN is making the contactless experience for cardholders easier, faster and better.”
Banks give a number of reasons for going with chip and signature rather than chip and PIN on their new cards (called EMV cards, after the Europay MasterCard Visa standard). About 30% of U.S. banks don’t have the software and hardware to accommodate PINs with credit transactions, according to Steve Mott, CEO of BetterBuyDesign. They would have to make multimillion-dollar upgrades to their card systems, and many feel that since they already invest heavily in fraud detection software, they don’t need to spend on this. Some say they want to make the migration to EMV as smooth as possible, and asking consumers to create a PIN for their credit cards would confuse them and slow things down.
Sezgin dismisses such excuses. “Everybody uses a PIN for their debit card. It’s not like you’re introducing a whole new thing,” he said. Others defend the banks’ position. “There’s already significant confusion at the checkout counter,” said Brett Conradt, director of consulting firm Stax. A recent Stax survey found that 36% of consumers don’t know if they have a chip card or not. Roughly 45% of consumers find the process of dipping their cards confusing the first time, and say it adds 50 seconds to their checkout time. Only 37% of consumers who have used an EMV card felt that the sales associate or cashier was knowledgeable about the cards.
If the EMV rollout were cleaner, chip and PIN would make sense, he said. “The rollout has been somewhat of a mess, and the fact that it wasn’t completely standardized caused a lot of confusion,” he said. Requiring people to go to PIN at this point is a well intentioned but misdirected effort, in his view.
Banks point out that lost and stolen card fraud accounts for less than 15% of overall card fraud. No issuer wants to have the card that’s hardest to use. “If I have 3 cards in my wallet and one of the cards requires a PIN, and at checkout I can’t remember the PIN and I’m flustered, I might stick with a card that doesn’t require a PIN,” Conradt said. “Being the only issuer to require a PIN puts the issuer in a tough spot.”
Mott points out that the benefits of the current chip-and-signature cards are slim. While magnetic stripes continue to be present on all chip cards and accepted by all chip terminals, there will be little savings from counterfeit fraud anytime soon. Online fraud, which EMV does not address, has already begun to grow. “So the only near-term bang for buck in investing in and putting up with all the problems we’re experiencing in implementation would be deployment with PIN — which effectively combats fraud from lost and stolen cards,” he said.
In the ideal world, large card issuers would offer chip-and-PIN cards and educate cardholders on how to use them, thereby minimizing or eliminating the confusion. It’s the right thing to do and would provide a perception that card issuers are doing everything they can to help protect cardholders and retailers.