Tuesday, November 24, 2015

Attorneys General push for faster EMV adoption

Eight states and the District of Columbia are lobbying major credit card companies to rollout more secure credit cards on a faster basis. They are also arguing that in-person purchases should require PINs rather than signatures for authorization. From Government Technology magazine:

(TNS) -- Connecticut State Attorney General George Jepsen announced Monday that he is urging major credit-card processors nationwide to roll out new technology as soon as possible to help reduce data breaches affecting consumers.
Jepsen and eight other attorneys general from across the nation said in a letter Monday to companies including MasterCard, Visa, Discover Financial Services and Bank of America that they would like to see chip and PIN technology implementation speeded up. These technologies are considered to be more secure than the magnetic-stripe methods normally employed for credit cards as well as the chip-and-signature Europay, MasterCard and Visa specifications currently being implemented. 
"Over the last few years, breaches at major retailers that involved credit and debit card information have really shown a giant spotlight at the inherent weakness and vulnerability of magnetic strip cards even when the cards are lost or stolen," Jepsen said in a statement. The attorneys general said local businesses face financial and reputational risks stemming from loss of consumer trust after breaches.
Jepsen said other countries have proven the advantages of chip-and-PIN cards. "Consumers in Connecticut and across the country deserve access to the absolute best that the industry has to offer," Jepsen said. "Right now, that is chip and PIN, and I believe it's my responsibility to advocate on their behalf for it." 
Unfortunately, according to Jepsen, most U.S. chip cards rely on signatures rather than PINs, and these are easier to forge or copy...

My opinion is that faster implementation would be easier said than done. While the credit card companies have been and could continue issuing cards with chips, the bigger backlog is in merchants obtaining certified, validated hardware to read the chip and PIN data, and then to have that data transmitted or imported into their accounts receivable software.

1 comment:

  1. Hi Russ,

    I totally agree on making some changes on credit card, especially now that criminals can easily infiltrate the system and can access and cards at any given moment. Requiring PINs will definitely help, but there are still some chances that hackers can get the password -- but at least it will be safer. Mere signing after using credit card doesn't give much security to the owner, since when stolen, the thief can just copy the signature very easily. But if it requires a PIN, it would be hard for them to steal it; unless they're excellent hackers.

    Just like you, I am also hesitant requiring a PIN for credit card usage as it there would be setback when implementing it, but at least er have a better option for consumer safety.