Newsroom
October 31, 2014
Krebs: Chip-and-PIN vs. chip-and-signature
KrebsOnSecurity recently looked into the differences and preferences of chip-and-PIN versus chip-and-signature for card issuers and consumers and, while finding pros and cons for each, said he found that the U.S is largely adopting chip-and-signature technology.
Brian Krebs, author of KrebsOnSecurity, talked with two experts to get their take on both card technologies and why many card issuers are leaning toward the signature technology over the PIN.
Julie Conroy, a fraud analyst with The Aite Group, said the PIN technology only addresses fraud when the card is lost or stolen, which, she said, "is very small in comparison with counterfeit card fraud." Avivah Litan, an analyst at Gartner Inc., said that most card issuers and Visa don't want the PIN technology "because the PINs can be stolen and used with the magnetic strip data on the same cards (that also have a chip card) to withdraw cash from ATM machines" – a cost financial institutions have to cover.
Litan commented, however, that retailers are more in favor of chip-and-PIN technology due to the strengthened security of the point-of-sale transaction. Retailers that do not have chip-accepting card readers but are presented with a chip card must cover any fraud costs that occur at the POS.
Other concerns about the chip-and-PIN technology the experts noted were consumers forgetting their PIN and the issuer seeing a significant dip in transactions and the fact that the U.S. is a competitive market, and no card issuer "wants to have the card in the wallet this is the most difficult card to use," Conroy said.
Litan estimated that by 2015, 50 percent of cards and terminals in the U.S. will be chip-enabled. However, she said, until full compliance, consumers' data will still be backed up on magnetic strips. "[W]e're probably looking at about 2018 before we can start making plans to get rid of the magnetic stripe on these cards."
NAFCU is working towards secure payments across all sectors as part of the Payments Security Task Force, which is a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time. The association is also pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.
Brian Krebs, author of KrebsOnSecurity, talked with two experts to get their take on both card technologies and why many card issuers are leaning toward the signature technology over the PIN.
Julie Conroy, a fraud analyst with The Aite Group, said the PIN technology only addresses fraud when the card is lost or stolen, which, she said, "is very small in comparison with counterfeit card fraud." Avivah Litan, an analyst at Gartner Inc., said that most card issuers and Visa don't want the PIN technology "because the PINs can be stolen and used with the magnetic strip data on the same cards (that also have a chip card) to withdraw cash from ATM machines" – a cost financial institutions have to cover.
Litan commented, however, that retailers are more in favor of chip-and-PIN technology due to the strengthened security of the point-of-sale transaction. Retailers that do not have chip-accepting card readers but are presented with a chip card must cover any fraud costs that occur at the POS.
Other concerns about the chip-and-PIN technology the experts noted were consumers forgetting their PIN and the issuer seeing a significant dip in transactions and the fact that the U.S. is a competitive market, and no card issuer "wants to have the card in the wallet this is the most difficult card to use," Conroy said.
Litan estimated that by 2015, 50 percent of cards and terminals in the U.S. will be chip-enabled. However, she said, until full compliance, consumers' data will still be backed up on magnetic strips. "[W]e're probably looking at about 2018 before we can start making plans to get rid of the magnetic stripe on these cards."
NAFCU is working towards secure payments across all sectors as part of the Payments Security Task Force, which is a diverse group of participants in the payments industry focused on EMV chip implementation, including ways to help reduce testing and implementation time. The association is also pushing Congress to establish a bipartisan working group to develop legislative recommendations to address ongoing retailer breaches.
Share This
Related Resources
Add to Calendar 2024-05-03 14:00:00 2024-05-03 14:00:00 Plan Sponsor Attitudes Toward Retirement Plan Management and Fiduciary Outsourcing About the Webinar In January 2024, Pentegra conducted a survey of retirement plan sponsors and their perspectives on retirement plan management and fiduciary outsourcing. The survey measured how sponsors are using fiduciary outsourcing to help better manage their retirement plans. It also captured their perspectives on what outsourcing does to help them better position their plans and drive improved retirement plan outcomes. Key Takeaways: What is the full scope of your responsibilities as a plan sponsor? What is fiduciary outsourcing and how does it work? How does fiduciary outsourcing help reduce workloads and minimize risk? How can a credit union best position its plan to drive improved outcomes? Register Here Web NAFCU digital@nafcu.org America/New_York public
Plan Sponsor Attitudes Toward Retirement Plan Management and Fiduciary Outsourcing
preferred partner
Pentegra
Webinar
Ensuring Safety and Soundness with AI
Management, Consumer Lending, FinTech
preferred partner
Upstart
Blog Post
Turning Lemons into Lemonade: Capitalizing in a Post-Banking Crisis Era
Strategy
preferred partner
Allied Solutions
Blog Post
Add to Calendar 2024-05-02 14:00:00 2024-05-02 14:00:00 Mastering Resilience in Incident Response Plans About the Webinar An Incident Response (IR) plan is crucial for guiding credit unions through major incidents efficiently and effectively. However, many IR plans lack resilience, making them less adaptable to the evolving threat landscape. Join us for our webinar Mastering Resilience in Incident Response Plans where DefenseStorm cyber experts Elizabeth Houser and James Bruhl will delve into the importance of resiliency within cybersecurity IR plans. Don’t miss out on the opportunity to learn how to: Ensure IR plan accessibility so that all team members with assigned roles are prepared for effective incident response. Conduct efficient and regular reviews to ensure roles and responsibilities are current, tools are relevant, and compliance requirements are met. Implement and utilize tabletops to regularly test the effectiveness of your IR plan. Enhance preparedness, efficiency, and confidence among responders. View On-Demand Web NAFCU digital@nafcu.org America/New_York public
Mastering Resilience in Incident Response Plans
preferred partner
DefenseStorm
Webinar
Get daily updates.
Subscribe to NAFCU today.