Newsroom
October 31, 2014
Krebs: Chip-and-PIN vs. chip-and-signature
KrebsOnSecurity recently looked into the differences and preferences of chip-and-PIN versus chip-and-signature for card issuers and consumers and, while finding pros and cons for each, said he found that the U.S is largely adopting chip-and-signature technology.
Brian Krebs, author of KrebsOnSecurity, talked with two experts to get their take on both card technologies and why many card issuers are leaning toward the signature technology over the PIN.
Julie Conroy, a fraud analyst with The Aite Group, said the PIN technology only addresses fraud when the card is lost or stolen, which, she said, "is very small in comparison with counterfeit card fraud." Avivah Litan, an analyst at Gartner Inc., said that most card issuers and Visa don't want the PIN technology "because the PINs can be stolen and used with the magnetic strip data on the same cards (that also have a chip card) to withdraw cash from ATM machines" – a cost financial institutions have to cover.
Litan commented, however, that retailers are more in favor of chip-and-PIN technology due to the strengthened security of the point-of-sale transaction. Retailers that do not have chip-accepting card readers but are presented with a chip card must cover any fraud costs that occur at the POS.
Other concerns about the chip-and-PIN technology the experts noted were consumers forgetting their PIN and the issuer seeing a significant dip in transactions and the fact that the U.S. is a competitive market, and no card issuer "wants to have the card in the wallet this is the most difficult card to use," Conroy said.
Litan estimated that by 2015, 50 percent of cards and terminals in the U.S. will be chip-enabled. However, she said, until full compliance, consumers' data will still be backed up on magnetic strips. "[W]e're probably looking at about 2018 before we can start making plans to get rid of the magnetic stripe on these cards."
NAFCU is working towards secure payments across all sectors as part of the Payments Security Task Force, which is a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time. The association is also pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.
Brian Krebs, author of KrebsOnSecurity, talked with two experts to get their take on both card technologies and why many card issuers are leaning toward the signature technology over the PIN.
Julie Conroy, a fraud analyst with The Aite Group, said the PIN technology only addresses fraud when the card is lost or stolen, which, she said, "is very small in comparison with counterfeit card fraud." Avivah Litan, an analyst at Gartner Inc., said that most card issuers and Visa don't want the PIN technology "because the PINs can be stolen and used with the magnetic strip data on the same cards (that also have a chip card) to withdraw cash from ATM machines" – a cost financial institutions have to cover.
Litan commented, however, that retailers are more in favor of chip-and-PIN technology due to the strengthened security of the point-of-sale transaction. Retailers that do not have chip-accepting card readers but are presented with a chip card must cover any fraud costs that occur at the POS.
Other concerns about the chip-and-PIN technology the experts noted were consumers forgetting their PIN and the issuer seeing a significant dip in transactions and the fact that the U.S. is a competitive market, and no card issuer "wants to have the card in the wallet this is the most difficult card to use," Conroy said.
Litan estimated that by 2015, 50 percent of cards and terminals in the U.S. will be chip-enabled. However, she said, until full compliance, consumers' data will still be backed up on magnetic strips. "[W]e're probably looking at about 2018 before we can start making plans to get rid of the magnetic stripe on these cards."
NAFCU is working towards secure payments across all sectors as part of the Payments Security Task Force, which is a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time. The association is also pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.
Share This
Related Resources
Add to Calendar 2024-04-23 14:00:00 2024-04-23 14:00:00 Monitoring the Latest Litigation Risks Credit unions’ operations pose litigation risks, with more of these cases being filed as class action lawsuits. In this Monitoring the Latest Litigation Risks for Credit Unions webinar, you’ll review some of the specific kinds of lawsuits impacting credit unions and what potential claims could be on the horizon. You’ll also examine some options for mitigating risks. Key Takeaways Review the current lawsuit trends. Understand the potential claims risks Explore options for mitigating risks. Register Now $295 Members | $395 Nonmembers(Additional $50 for USB)One registration gives your entire team access to the live webinar and on-demand recording until April 23, 2025Go to the Online Training Center to access the webinar after purchase » Who Should Attend NCCOs NCRMs Compliance and risk titles Education Credits NCRMs will recieve 1.0 CEUs for participating in this webinar NCCOs will recieve 1.0 CEUs for participating in this webinar Web NAFCU digital@nafcu.org America/New_York public
Monitoring the Latest Litigation Risks
Credits: NCCO, NCRM
Webinar
Resiliency In Your Incident Response Plan
Cybersecurity
preferred partner
DefenseStorm
Blog Post
The Bottom Line on Insurance Tracking and Collateral Protection
Strategy
preferred partner
Allied Solutions
Blog Post
Add to Calendar 2024-04-15 09:00:00 2024-04-15 09:00:00 Mergers and Acquisitions: Unifying Two Different Executive Total Compensation and Benefits Programs Listen On: Key Takeaways: [03:50] With the merger of a smaller credit union into a larger one you are really only dealing with integrating staff into the larger credit union. [05:53] When working with a merger of equals we start with a deep dive into the executive compensation and benefits of each organization. [09:09] If your current executive benefits provider doesn’t conduct regular plan evaluations, consider having a plan audit anyway. [13:46] Don’t overpay for these things if you don’t have to. When you have more options available that means the cost is more appropriate. [17:11] It is in a unified organization’s best interest to do tier timelines where we look at your top executives who are critical to the unified organization’s success today and then slowly add in the next levels. Web NAFCU digital@nafcu.org America/New_York public
Mergers and Acquisitions: Unifying Two Different Executive Total Compensation and Benefits Programs
preferred partner
Gallagher
Podcast
Get daily updates.
Subscribe to NAFCU today.