The nations retailers aren't letting up in their campaign to force credit card processors to add a PIN to the new chip credit cards. Now, they have some reinforcements to their cause.
Attorneys general of eight states and the District of Columbia have signed a letter to the nation’s top credit card companies and banks, calling for the use of personal identification numbers rather than signatures to approve purchases made with new chip-based credit cards.
“This is further proof that top law enforcement officials and security experts agree that continued reliance on an illegible scrawl isn’t good enough to protect American consumers when the technology of a secret, secure PIN is readily available,” said Mallory Duncan, Senior Vice President and General Counsel of the National Retailers Federation (NRF). “Banks and credit card companies should heed the advice being given them and immediately implement chip-and-PIN. That’s the standard used around the world and U.S. consumers deserve nothing less.”
In the letter, the state officials said the chip-and-PIN approach is considered by many to be the gold standard currently for payment card security.
“Countries that have implemented chip-and-PIN cards have seen significant reductions in fraudulent transactions,” the attorneys general said in the letter.
NRF says the chip-and-PIN system is used in approximately 80 countries from Asia to Europe. But they point out that the new chip cards being issued in the United States use chip-and-signature instead.
“There can be no doubt that this is a less secure standard since signatures can easily be forged or copied or even ignored,” the attorneys general said. “Unlike signatures, PIN numbers can be changed easily and as frequently as needed by the consumer. Absent this additional protection, your customers and our citizens will be more vulnerable to damaging data breaches. This is something we cannot accept.”
The letter says that in Connecticut alone, there were 515 data breaches reported in the last fiscal year. It says about 2.5 million Connecticut residents were affected by breaches of their personal data. Half were said to involve credit and debit cards.
"Over the last few years, breaches at major retailers that involved credit and debit card information have really shown a giant spotlight at the inherent weakness and vulnerability of magnetic strip cards even when the cards are lost or stolen," said Connecticut Attorney General George Jepsen. "We know, based on experiences in other countries, that chip and PIN cards offer greater security to consumers – security that I believe far outweighs any initial burden or confusion that always comes when we need to get used to a new way of doing things, like using a credit card.”
In their letter, the attorneys general downplayed claims that using a PIN would be a hassel for consumers, noting that consumers already use PINs with debit cards. The attorneys general made clear they were not seeking legislation requiring PINs, but rather calling on card companies and banks to make the change “as good corporate citizens.”