Walmart, the nation's largest retailer, has filed a lawsuit in New York against Visa, charging that the payments network had blocked implementation of a PIN system, favored by retailers, to make the new chip credit cards more secure.
The suit, filed in the New York State Supreme Court, alleges the current system, in which a chip card user authenticates the purchase with a signature, is “fraud prone.”
Fortune quotes a Walmart spokesperson as saying Visa's influence in the adoption of the signature authentication system creates “unacceptable risk.”
On October 1, 2015, when the new system took effect, liability for fraudulent credit card purchases flipped from credit card companies to merchants.
Walmart's position appears to represent that of retailers in general, who have not been happy with the newly implemented chip card system. Many have been slow to install the new readers that extract information from a chip embedded in the plastic, rather than from a magnetic strip on the back.
Just days after the new chip cards, known as EMV cards, went into use, the National Retail Federation (NRF) took its case to Congress, arguing that the new chip-and-signature credit cards that do not also require a PIN won't stop fraud. It said small businesses should not be pressured to install the new equipment.
“The new EMV equipment does not stop breaches,” NRF Senior Vice President for Government Relations David French said in October 2015 testimony before the House Small Business Subcommittee. “Indeed, in many cases it provides no significant benefits either to the business or to the business’ regular customers. It is merely an additional expense small businesses are being told to bear.”
FBI also supports a PIN
The retailers weren't alone in their early concerns about the new cards. The FBI issued a statement within days of the new cards becoming active, warning law enforcement officers, merchants, and consumers to be aware that the EMV cards, while perhaps more secure than the cards they replaced, were still vulnerable to fraud.
The FBI noted that the chip allows a merchant to verify that the card is authentic and not one made by a fraudster with stolen credit card data. But the agency pointed out that wouldn't stop someone from using a chip card they had stolen. All they had to do was sign the name that was on the card. Requiring the user to provide a PIN, the FBI argued, would be more secure.
The following month, several state attorneys general echoed the FBI's concerns about the lack of a PIN. Attorneys general of eight states and the District of Columbia signed a letter to the nation’s top credit card companies and banks, calling for the use of PINs rather than signatures to approve purchases made with new chip-based credit cards.
So why don't the new chip cards require PINs? In its suit, Walmart says credit card companies balked at imposing the requirement, believing consumers would rebel at having to remember another password.