The deadline for EMV implementation passed in October 2015, and despite the prevalence of chip cards, questions still linger about the conversion. Many wonder why the US disregarded chip and PIN in favor of the chip and signature method. There is much speculation on the decision, and in this guide, readers can learn the differences between Chip and PIN and Chip and Signature transactions and how they affect various transaction types.
Chip and PIN and Chip and Signature Transactions: What is the Difference Between the Two Methods?
Chip cards, whether they are PIN- or signature-based, are much more secure than the older magnetic stripe cards. The additional security is due to the microprocessor chip on the face of the card, which stores encoded security credentials and cardholder information. The chip creates a unique transaction code with every use, which prevents card cloning because the stolen information is rendered useless outside of the single transaction.
On the other hand, the data on a magnetic stripe card can easily be stolen and cloned onto a blank card. Because EMV adoption may not be complete for several years, all chip credit and debit cards will come with magnetic stripes for usage with non-compliant vendors. There still is a potential for such cards to be hacked and cloned, as merchants install new POS systems.
The argument for the PIN and signature method starts during the verification step of the transaction. A cardholder’s PIN is encrypted and checked by the issuer before the transaction can conclude, which adds another security layer to the chip card. Signature verification is simple—the customer provides a signature and the merchant compares it to that on the card’s back, much like the method used for credit card purchases. While the PIN is the securest option, chip and signature is still safer than the old magnetic stripe standard.
Counterfeit Fraud vs. Lost/Stolen
The United States has seen a substantial increase in the level of counterfeit-based card fraud during the past few years, but with chip and signature, it is largely preventable. With that said, there is still intense discussion over why the US chose the signature as opposed to the PIN. Some think that issuers fear devious behavior from those with no PIN familiarity, and others believe that implementation costs are too high.
The PIN is most valuable in environments where cards are stolen or lost, because it provides a security layer that prevents a thief from using the card. Stolen and lost card fraud in the United States is declining as card counterfeiting is increasing, and the argument over the cost of PIN implementation is perfectly reasonable. Additionally, though stolen card fraud has decreased since other countries have implemented chip and PIN, the past year has seen a steady increase as enterprising hackers have modified their methods to once again gain access to customers’ PIN data.
Card Present vs. Card Not Present Fraud
Another valid point to contemplate in the argument over the Differences Between Chip and PIN and Chip and Signature is how each method addresses CP (card present) and CNP (card not present) fraud, as compared with shifts in transaction frequency via each channel. As previously mentioned, chip and signature handles a significant portion of counterfeit-based card fraud, which falls into the CP category. Requiring a PIN would still only be useful in catching CP fraud, especially from stolen and lost cards.
The unfortunate thing about the implementation of chip cards is that it has not done enough to stop CNP fraud, which commonly occurs through e-commerce transactions. In all countries adopting EMV, CNP fraud has substantially and rapidly increased. In the United Kingdom, CNP fraud increased for the four years following EMV implementation, and it is still more prevalent than it was before the advent of EMV.
Is PIN Implementation Worthwhile for the US?
For EMV in the United states, transactions without a card present are projected to grow at a rate of 15% per year, and transactions are expected to number over 27 billion yearly by 2018. By comparison, CP transactions will see growth remain anemic at just four percent. Therefore, the question must be asked—if PIN usage is almost useless in the battle against the fastest-growing area of payment acceptance, and the most common form of fraud, is it sensible to implement the practice? Now that the liability shift has concluded and the least EMV-compliant party is liable for fraud, it is important for all sides to learn about the changes involved in EMV adoption.
Most retail outlets have installed new EMV-compliant POS devices, and others are struggling to catch up. While chip cards are ostensibly more secure, hackers are rapidly coming up with ways to access customers’ sensitive data. PIN usage adds security for online and in-store transactions, as signature verification makes other transactions more secure. Both methods have their benefits and disadvantages, and it’s up to the vendor as to which will be used.