16 December 2017
Nigel Beatty

Nigel Beatty

Nigel Beatty - Proxama Digital Payments Division

2Posts 5,012Views 9Comments

US Adoption of Chip and PIN - Pressure Grows

10 March 2015  |  2605 views  |  1

There’s a groundswell of opinion in the US calling for the widespread adoption of 'Chip and PIN' to go alongside the move to EMV chip cards for credit and debit purchases. Last year the President signed an order mandating Chip and PIN for all federally-issued payment cards and all federal acceptance points. This week the Consumer Policy Solutions pressure group called for Chip and PIN to be adopted for all US card purchases based on the increased protection against fraud that PIN offers. 

In Europe and the rest of the world, ‘Chip and PIN’ exclusively means storing the PIN securely in the chip for it to be verified locally on the point-of-sale (POS) device, while in the US the term is being used more loosely to mean replacement of signature-based purchases by entry of a PIN, as happens with many of the independent debit networks. The PIN is then securely sent with the transaction details to the issuing bank for verification.

As usual in the US market, the discussion is being shaped by opinion from many sides, some of which is driven by commercial and political interests, and some of which focuses purely on the technical hurdles. The unique and distinctive nature of the US cards market is a big factor – there are thousands of small card issuers but the market is dominated by a handful of large processors. There are a couple of dozen independent debit networks that grew from being ATM operators (explaining their PIN legacy) to having their cards accepted at POS, although ATM reciprocity – being able to use one network-brand card in an ATM operated by another network brand – is virtually non-existent. Those debit networks compete with internationally-branded debit that is still based on signature, aligning with similarly-branded credit cards. Then there’s been Durbin and its impact on the move of debit to chip (but let’s not go there…), and unlike other card markets around the world, the US has no central organization that coordinates policy and practice on card payments, making it very difficult to gauge industry opinion and to achieve consensus on industry matters.

In spite of all this, there are a number of points around this discussion that need to be made plain. First is that there’s no doubt that PIN at POS is a superior method of cardholder identification than signature, which in reality is hardly ever checked. It’s also quicker and requires no merchant interaction with the card. Second, the argument that credit card users will not be able to remember a PIN because they don’t use a credit card at ATM has been disproved in many other countries who have made seamless transitions to Chip and PIN – cardholders in general did not have to think twice about switching to PIN. Third is that pretty much all POS devices now have the ability to accept PIN, and the days of multiple devices on store counters are long gone. Fourth is that all networks and all acquirer and issuer systems have the ability to send a PIN and to verify a PIN as part of authorization processing; whether it is switched on for all products is another question, but it’s not a show-stopper. 

Another line of argument against the adoption PIN for all purchases has been that the superior quality of online authorization processing available from US networks makes PIN unnecessary. That is plainly untrue, since fraud still happens; the truth is that a large proportion of lost and stolen card fraud is authorized by card issuers, and PIN would prevent that. Alongside that line of dissembling is the deliberate confusion of PIN at POS with offline processing, where a purchase can be authorized remotely without contacting the card issuer. That may have a bearing on the adoption of Offline PIN (stored in the chip) for local verification, where other risk management features provided by EMV would also come into play, but has no bearing on the use of Online PIN that is checked by the card issuer. Naturally networks will argue tooth and nail against any move towards offline transactions that may consequently see a reduction in network traffic (and therefore charges), but the attempt to confuse PIN with offline authorization is plain unworthy.

 

TagsCards

Comments: (1)

Kevin Smith
Kevin Smith - Kevin Smith Consulting Ltd - Reading | 12 March, 2015, 12:24

Agree. The discussion is being deliberately confused and clouded to meet other business drivers from key stakeholders. Why would you install a security door and not draw the bolt. EMV chip alone gives you counterfeit protection, and this is critical where fraud is meerily mag stripe-read and issuer-authorised. EMV chip supports offline and online authorisation, based on parameters set by the issuer and acquirer. So it will go online in the US. No problem. Signature is broken and has been for as long as I have been in payments. It is like no CVM at all, which is also a common even preferred option in the US. That said, PIN verification, whether on or offline, gives you far superior lost/stolen protection, where the fraud will migrate to. Consumers are not daft, they can remember a PIN, theres just a lot of credit card holders in the US to educate. Is PIN as a CVM fall-proof? Not 100%. Cardholders forget that "PIN" standards for Personal Identification Number, you are supposed to keep it secret. As seen elesewhere, there will be more spam emails, shoulder surfing, PIN compromise attempts at ATMs/POS, illicit cameras, etc. There will be concerted attempts to compromise hardware, software, security standards, certification, even the manufacturing process, etc. We have learnt a lot as an industry over the past 20+ years, lets share and use it wisely. There are still plenty of other weak spots in the payment process. The challenge is you manage risk through a layered solution approach, EMV chip and enhanced CVM options is just another example of that.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Nigel

Adding Value Is The Key To Mobile Payment Success

13 July 2015  |  2408 views  |  0 comments | recomends Recommends 0 TagsCardsMobile & online

US Adoption of Chip and PIN - Pressure Grows

10 March 2015  |  2605 views  |  1 comments | recomends Recommends 1 TagsCards

Nigel's profile

job title VP Business Development
location London
member since 2009
Summary profile See full profile »
VP responsible for global Business Development currently focused on N America. Proxama, who acquired Aconite in late 2014, is the leading digital payment enablement and proximity engagement innovation...

Nigel's expertise

Member since 2009
2 posts9 comments
What Nigel reads
Nigel writes about
CardsMobile & online
Nigel's blog archive
2015 (2)

Who's commenting on Nigel's posts