NRF Demands PINs with Chips
The National Retail Federation has deepened its opposition to deploying payment cards with embedded smart chips that do not also require cardholders to use a PIN to validate transactions.
Visa and MasterCard have taken a position that the use of PINs with the chip cards is not necessary because most card processing in the U.S. is online and in real time. PINs, the card brands argued, are really only necessary when card processing takes place after the transaction, or when the transaction takes place offline.
But the NRF argued that chip cards without PINs make little sense.
“We remain insistent that U.S. retailers’ customers be given the same protections as consumers in more than 80 countries who have both a chip and a PIN securing their credit and debit cards. There is no single solution to the complex issue of criminal hacking and we know PIN and Chip is just a bridge on the long road to a safer payment system, but it is an important step in the right direction,” said Mallory Duncan, general counsel for the NRF, in a release. “Easy-to-forge signatures are a virtually worthless form of authentication. Insisting on chip-and-signature cards is like installing an alarm on the front door of a home while leaving the back door wide open. It doesn't make sense when the technology exists to secure the entire house.”
Meanwhile, NAFCU Friday sent an email to federal legislators urging the adoption of various methods to safeguard consumer data and noting, in part, that cards with embedded chips would not end the entire fraud problem.
“[W]hile some argue for financial institutions to expedite a switch to a “chip and pin” card, the reality is that it is no panacea for data security and preventing merchant data breaches,” wrote NAFCU's General Counsel Carrie Hunt.
“Many financial institutions that issue ‘chip and pin’ cards had those cards stolen in the Target data breach, as the retailer only accepted magnetic stripe technology at the point of sale where the breach occurred. Furthermore, ‘chip and pin’ cards can be compromised and used in online purchase fraud, as the technology is designed to hinder card duplication and card information can still be compromised. This fact highlights the need for greater national data security standards as the way to truly help protect consumer financial information,” Hunt concluded.