Retail group urges adoption of PIN-based credit cards |
Written by Christine D. Johnson |
Monday, 31 March 2014 10:46 AM America/New_York |
The National Retail Federation (NRF) has urged the U.S. Senate to overhaul the nation’s fraud-prone credit and debit card system, saying banks’ insistence on cards that use a signature instead of a Personal Identification Number (PIN) puts merchants and their customers at risk. Card companies have continued to promulgate the use of fraud-prone signature cards despite their own research—conducted almost 25 years ago—that showed that PIN-based cards provided more security for consumers, retailers and banks. “Everything a fraudster needs is right there on the card,” NRF Senior Vice President and General Counsel Mallory Duncan said, describing how the cardholder’s name and account number are clearly printed on each card along with the expiration date and security code. “The bottom line is that cards are poorly designed and fraud-prone products that the system has allowed to continue to proliferate.” Duncan’s comments came in a statement submitted to the Senate Committee on Commerce, Science and Transportation, which held a hearing last week on criminal cyber attacks in which consumer card numbers have been stolen. He said current magnetic stripe cards with signatures are too easy to duplicate and forge. With or without an embedded microchip, a PIN-based card would provide greater security for consumers and retailers alike, Duncan said. “Protecting all cards with a PIN instead of a signature is the single most important fraud protection step that could be taken quickly,” Duncan said. “It’s proven, it’s effective, and it’s relatively easily implementable. PIN debit cards are close to ubiquitous worldwide, and readily producible in the U.S. Chip is a desirable add-on. If speed of implementation is of importance, then substituting PIN for signature is preferable to implementing chip.” Along with switching to PIN-based cards, NRF supports additional steps aimed at preventing fraud and data breaches, including end-to-end encryption of data, tokenization rather than storing data, and mobile payments. |