US supermarket chain Kroger sues Visa over PIN transactions

US supermarket chain Kroger has filed a lawsuit against Visa over a disagreement about using PINs to verify EMV debit card transactions, according to the Wall Street Journal.

Although Visa has been at the forefront of the push to finally bring America into the EMV era, it has not insisted that cards are Chip and PIN.

Despite this, Kroger does require customers to authorise debit card transactions with a PIN, routing transactions to networks other than Visa.

According to the lawsuit, Visa has responded to this by saying that the configuration of Kroger's payments terminals does not meet its rules and demanding that payments are routed through its network.

Visa has already fined Kroger $7 million and is threatening to raise fees and even to cut off the grocer's acceptance of debit cards, says the WSJ.

Walmart and Home Depot, the US retail chain that saw 56 million accounts hacked in 2014, have both recently filed similar suits against Visa over the failure to mandate more secure Chip and PIN technology.

Related Companies

Visa

Channels

Retail banking Security Payments

Keywords

Cards Eftpos Legal

Comments: (1)

David Griffiths - Number19 Consulting - Hertford 29 June, 2016, 09:48

Be the first to give this comment the thumbs up

0 likes

Isn't this, as is usually the case, something of a red herring? Back in the dark ages when we all used magstripe cards, it was clear that transaction security was well and truely embedded in the use of the PIN. In those times, it was safer and threfore in the best interests of all to route transactions via a network that was able to support online PIN, and therfore PIN transactions were worthy of a reduced rate. Now that we all live in the 21st century, with the magic that is EMV, the real security no longer no longer rests with the PIN. Since it is not possible to clone a chip card without the clone being detected as countefeit, which clearly is not the case for magstripe, the PIN becomes a nice-to-have bolt-on - the only risk then comes from pre-status fraud, which in the big scheme of things is minimal. Interestingly, all the rules around routing of debit transactions and thir dependence on the PIN is really legislation for a bygone age. What we see here is little more than a gravy train for the lawyers.