As the holiday season quickly approaches, retailers and consumers across Maine and around the country are gearing up for Black Friday, holiday shopping and ringing in the New Year. Following last year’s whopping $616 billion holiday retail sales, spending this year is projected to jump 3.7 percent to more than $630 billion.
While more than $100 billion in sales will happen online, the remainder of holiday shopping — and the vast majority — will happen at the cash register in brick and mortar stores. And many of this year’s shoppers will be completing their purchases with new credit and debit cards that now have an embedded microchip.
These chip-cards are the culmination of the recent transition to EMV (short for EuroPay, Mastercard, VISA) technology, which entailed replacing magnetic stripe and signature cards with chip and signature cards. On Oct. 1, retailers and banks underwent a “liability shift,” whereby merchants across the country became responsible for upgrading their payment terminals to accept new chip-equipped credit and debit cards. In the event of a data breach or fraudulent financial activity, the burden now falls on whichever institution is using the older payment technology.
As a result of this supposed improvement to our payment security, consumers expect that each time they swipe or “dip” their credit or debit card they’ll be protected from the possibility of fraud with the best technology available. But these chip cards, which continue to rely on our signatures as a second form of authentication, are not as secure as they could or should be.
Chip and PIN technology, on the other hand, uses an advanced two-factor authentication system and has been used around the world for years. Along with the microchip, each card requires a unique PIN, or Personal Identification Number, that consumers must enter upon making a transaction.
Consumers in many other countries long since have abandoned magnetic-strip and signature cards and as a result have seen significant declines in credit card fraud. Should a thief attempt to steal or counterfeit a chip and PIN card and use it for an in-store purchase, it would be useless without knowing the PIN. What’s more, we could extend those protections even further if we had more robust mechanisms available for consumers to securely use their PINs during online transactions. The technology exists to securely use PINs online — it’s just not widely used.
Yet despite the overwhelming evidence of chip and PIN’s success, Visa, MasterCard and other financial institutions have been issuing chip-only cards, arguing that consumers would have trouble remembering an additional passcode. In actuality, the big banks and credit card companies are cutting corners to cut costs, forgoing the added PIN feature to reduce the amount they would have to invest in new cards.
“There are two indisputable facts,” Connexus Executive Director Gray Taylor recently wrote, “according to the Federal Reserve Bank, signature transactions have a 400 percent greater fraud risk than PINs, and consumers know that PINs are far more secure than signatures. (They can also, contrary to the card companies’ assertion, easily remember four-digit PINs!)”
Although it’s been well over a month since the Oct. 1 “deadline,” many small businesses in Maine have yet to install the chip readers, and several financial institutions across the state are still working on issuing chip-cards to all of their customers. As of late September, six out of 10 consumers had not yet received a chip-enabled card, and a recent survey from payments company Square reported that only “37 percent of the cards that Square vendors processed were chip cards.”
With the holiday shopping season fast approaching, and the lack of progress we’ve seen since the EMV transition, financial institutions should re-evaluate the chip-only cards and instead consider the success of chip and PIN technology around the world. Given the unrelenting stress of Black Friday and holiday shopping, consumers should feel confident that their financial information is protected at each and every register they encounter this winter. While it’s unlikely PINs will be issued in time this year, the nation’s financial institutions should give serious thought to implementing PINs so consumers will be protected next holiday season.
Debra Berlyn is president of Consumer Policy Solutions and director of the Consumer Awareness Project. She is also the leader of ProtectMyData.org.