U.S. retailers are increasingly unhappy with how the adoption of so-called chip and PIN credit cards is playing out in the market, and it’s not simply because the uptake has been slow. It’s because retailers feel the card companies themselves, worried about competition and profits, haven’t actually been encouraging the use of PINs, which allows for the most secure processing of card payments.
Last month Walmart, the largest U.S. big-box chain, sued Visa for allowing customers to simply sign their names rather than enter PIN numbers when using a microchip-enabled debit card.
In its lawsuit, Walmart says that by not requiring those using chip-enabled debit cards to enter a PIN, Visa, the largest issuer of credit cards in the United States, is robbing customers of added security. Walmart also accuses Visa of taking financial advantage of merchants, as transactions processed via signature often have a higher fee than those processed via PIN code, according to media reports.
Retailers have invested in chip technology
Walmart’s concerns are felt by merchants across the board, especially after they have invested in the new equipment required to read the chip cards. The Merchant Advisory Group, a trade organization that represents large U.S. merchants and is dedicated to improving the payments field, recently asked federal auditors to look into the legality of card-issuers, including Visa, of not requiring PINs for purchases made with chip-enabled debit cards.
“Merchants want issuers to enable PINs on all financial products because they are a form of multi-factor authentication that only the account-holder knows, and that ultimately helps prevent against fraudulent transactions,” said Liz Garner, vice president of the Merchant Advisory Group. “Not having a PIN associated with a card or an account would be like asking someone to sign into their email with just their email account and no password.”
Chip and PIN credit cards, also called EMV cards, which have been in use in Europe for a decade and a half are still relatively new in the U.S. market, which only began switching to the model last year, when new regulations shifted the liability for fraud damages to the party with the lowest level of security technology, whether that be the merchant or bank.
How chip and PIN works
In addition to the traditional magnetic strip across the back, the cards contain a small, embedded metallic-looking microchip, which can be read by a special machine. To complete the purchase, customers must also input a four-digit PIN or sign their name while the card is being read. The chip is more secure than the magnetic strip because it allows information to be encrypted and less accessible to hackers. The PIN then adds another layer of security.
According to the U.S. Federal Reserve, chip transactions accompanied by a PIN are seven times more secure than those processed with a signature.
The Retail Industry Leaders Association, another trade group representing merchants, is also pushing for the required use of PINs, calling the use of chip-and-signature cards “a half step.”
The pressure seems to be up on card companies, with the CEO of Discover Card stating at a conference in May, days after Walmart sued Visa, that the card-issuer would consider requiring PINs, even though its website currently states there is “no PIN required except at ATMs.”
A slow rollout
While most European and Asian markets almost always require PINs, the EMV chip system was designed to be flexible, according to each region’s needs, leaving it to regulators and market forces to decide if signatures or PINs should be required.
“The EMV Chip Specifications provide a comprehensive toolbox to help payment networks and other industry participants throughout the world,” Sarah Jones, a spokeswoman for EMVCo, an organization made up of six major credit card companies, including Visa and MasterCard, to facilitate worldwide acceptance of secure payment transactions, wrote in an email. “The specifications are designed to be flexible and can be adapted regionally to meet national payment network requirements and accommodate local market needs.”
EMVCo. is not involved in setting policies about whether PINs should be required, Jones wrote.
Other concerns about the change-over to such cards include the fact that most people have not even upgraded to these cards, and questions linger about their ultimate relevance in a world where mobile phone payments may be just around the corner to becoming mainstream.
Only 1% of card transactions in the United States in 2015 were with chips, compared to 97% of transactions in Europe, according to EMVCo., an industry organization comprised of credit card and other payment companies. And only 37% of merchants in the United States have purchased the equipment to process the cards, according to a survey by The Strawhecker Group.
The U.S. market accounts for about half of all credit fraud, and this is mainly due to the lack of chip-enabled cards in the market there, according to the Nilson Report, a trade newsletter covering the payments industry.
The change-over to chip cards also comes at a time of increased volatility in the sector, with new mobile and contactless payment methods being introduced. So in addition to the migration to chip and PIN, credit card companies are occupied with figuring out whether these new systems are threats or opportunities, and are investing heavily in developing their own innovation, according to analysts.
“The next five years are likely to see rapid changes in the nature of the payment business as cards are slowly replaced by electronic payment methods,” Jim Sinegal, an analyst at Morningstar Equity Research wrote in a recent report on Visa.
But the adoption of these mobile and other alternative pay systems has been slow, with cards still remaining the most common way to pay. Because of this, and the rising stakes in preventing fraud, merchants say the use of PINs in place of signatures is more important than ever, and they would like banks and credit card companies to work harder to increase the use of PINs.
“At the end of the day, a transaction where a PIN is entered is way more secure than signature,” Garner said. “And if Walmart or any other retailer wants to require a customer to enter a PIN when it’s available on the card, they should be able to do so as it will help mitigate overall fraud in the system.”