Lack of Chip and PIN Frustrates NRF

by Michael Misasi 0

Security has become another wedge, like interchange, betweenbanks and retailers – both of which want consumers to feel safe when making payments.A recent article on NPRcriticizes banks for failing to support PIN authorization on credit transactions,a common feature among EMV-enabled countries.

“It’s really disappointing tosee that after all of the hacks that have occurred, the banks are only willingto take the steps to protect the banks and not the full protection weneed,” says Mallory Duncan of the National Retail Federation.

PINs are an effective means for combating the fraud thatresults from lost and stolen credit cards (a small, but not insignificantpercentage of all card fraud). Most banks prefer not to support PIN credittransactions though, because the technology hasn’t tested well in consumerexperience studies.

Remembering a unique PIN for every payment card in yourwallet could definitely get confusing. Consumers, fear not, banks still provide$0 consumer liability on all unauthorized credit transactions. And at least oneof the major card networks has incorporated PINs into its EMV liability shift.So retailers won’t be left holding the entire lost/stolen fraud bag – they havesome protection.

In the article, NPR portrays banks as denying retailers thefull benefit of the new POS hardware they have installed.

“TheU.S. has been slow to accept chip-encoded cards until now because mostretailers didn’t have the machines that could read them, and they didn’t wantto pay for them. But later this year, retailers that don’t accept cards withchips will be responsible for any fraud that occurs as a result.

Sothe retail industry invested billions of dollars to buy the new technology. ButMallory Duncan of the National Retail Federation says the new cards won’t be assafe as they could be. He blames the big banks.”

In addition to the liability shift protection mentionedabove, it should be noted that “retailers” as a group haven’t yet installedthis expensive hardware despite the claims of the NRF. Readers, how many EMVtransactions did you make this holiday season- maybe one? Credit issuers areactually farther along in terms of support for EMV than retailers.

Banks and networks also deserve some credit for bringingApple Pay to market. That product (which some retailers have refused to accept)arguably offers consumers the greatest payment security. Moreover, theoverwhelming majority of the card-related data breaches that Mr. Duncan refersto have occurred at merchants, not banks, and in spite of the fact thatsolutions to prevent them (tokenization and encryption, not necessarily EMVthough) have been available for years.

It’s been a grueling and frustrating path just to get thecurrent level of EMV readiness. PINs could still become the standard forauthorizing credit transaction in the U.S., but it will take time.


Overview by Michael Misasi, Analyst, Credit Advisory Service for Mercator Advisory Group

Read full story at NPR

Featured Content