U.S. Credit Cards Tackle Fraud With Embedded Chips, But No PINs
This year, there will be an important change in the way Americans use their credit cards. More banks will be issuing cards with small computer chips, a move they say will protect against credit card fraud.
But banks are stopping short of another step that will make credit card usage even safer. And a lot of retailers aren't too happy about it.
Americans use their credit cards a lot, and most of the cards they use operate the same way. The credit card is swiped through a machine, and the machine reads the customer's personal information, which is stored in a magnetic strip on the back.
The problem, says Kevin Yuann of the Website NerdWallet, is that this magnetic strip is really easy for criminals to access.
"The Target breach, for example, or the Home Depot breach, someone skimmed all that card data and then printed out fraudulent cards," Yuann says.
Now U.S. credit card companies are moving to cards encoded with small chips, which have long been used overseas. Yuann says fraud will become a lot harder to pull off.
"That type of fraud won't be able to occur because the chip prevents someone from emulating a card that way," he says.
The U.S. has been slow to accept chip-encoded cards until now because most retailers didn't have the machines that could read them, and they didn't want to pay for them. But later this year, retailers that don't accept cards with chips will be responsible for any fraud that occurs as a result.
So the retail industry invested billions of dollars to buy the new technology. But Mallory Duncan of the National Retail Federation says the new cards won't be as safe as they could be. He blames the big banks.
"It's really disappointing to see that after all of the hacks that have occurred, the banks are only willing to take the steps to protect the banks and not the full protection we need," Duncan says.
As anyone who's traveled to Europe lately knows, using a credit card overseas usually requires entering a PIN just like you do with your bank card in the U.S. But the U.S. banks that issue credit cards didn't want to ask their customers to do that. So customers will just be required to provide their signature, which is the way they do now for the most part.
"Most credit card users in the United States, in fact the vast, vast majority of them, are not accustomed to using a PIN within a credit environment, so I think that that's something that was central to the decision of the credit card issuers," says Doug Johnson, a senior vice president of payments and cybersecurity policy for the American Bankers Association.
In essence, U.S. consumers aren't used to punching in a PIN when they buy something with their credit cards. Yuann says credit card companies did marketing studies and found out that requiring PINs would actually turn off U.S. customers.
"The banks want to make sure that cardholders use their card, and so they want to make it as easy for the cardholder," Yuann says. "And so until they see adoption of PIN across the system, no bank wants to be the only one with a PIN-only-enabled credit card."
But requiring PINs would make credit cards even safer — a lot safer, in fact. Bank industry officials brush aside this concern, saying this is all a temporary problem.
There's a new generation of credit cards coming that won't use numbers at all, not even account numbers. Until then, they say the new chip-encoded cards will provide an extra level of security, even if they don't go as far as a lot of retailers would like.
Copyright 2020 NPR. To see more, visit https://www.npr.org.