Filed under: Identity Theft, Retail, Wal-Mart, Consumer Protection, Internet Fraud
But the basic technology, which is widely used throughout the world, is being introduced with a significant flaw in the U.S., as a Walmart (WMT) executive said at a conference, according to CNNMoney. The cut corner will turn the new implementations into a "joke," said Mike Cook, assistant treasurer and senior vice president at the company. The problem is banks that enable the chip technology will only require signatures, not the input of a PIN code.
"Signature is worthless as a form of authentication," Cook said during his presentation, as quoted by CNNMoney. "If you look at the Target and Home Depot breaches ... not a single PIN debit card needed to be reissued in those breaches. The card number was worthless to the individual thief and fraudsters, because they didn't know the PIN."
PINs, not Signatures
Using signatures instead of PINs, criminals could still commit fraud because verifying someone's signature from a central source is next to impossible. The use of PIN codes with chip cards in Europe has significantly decreased both counterfeit and stolen card fraud there, according to Mercator Advisory Group. But U.S. retailers have largely pushed for a chip and signature system, making the implementation "markedly different."
In the 1990s, when chip cards were first introduced, telecommunications costs in Europe were much higher than in the U.S. It meant retailers couldn't afford to process all credit card transactions online, as Mercator explained. Instead, they opted for a PIN system that would let them verify identity more securely through existing separate payment systems.
To add a PIN system in the U.S. now would force the banks and payment systems to do additional data processing, which would require expensive system upgrades and more data being moved during transactions. In addition, the banks don't want to add a hurdle to using credit cards. They make a lot of money from credit card fees and interest on accumulated balances. Executives are worried that if they make their cards less convenient to use, consumers might instead opt for cards from other banks.
The reaction is similar to one among retailers. Even as massive data losses -- whether at a Target (TGT), Home Depot (HD) or Sony (SNE) -- that can lead to identity theft and credit card fraud have become a regular experience, companies haven't significantly changed how they do business. It turns out that have retailers have little incentive to improve security, as CBS MoneyWatch reported, because the losses they face are tiny in the context of their annual sales. And, like the banks, they too worry that inconvenience might drive people to spend less, and push sales revenue down.
