Credit card security: Chip and PIN debate

Will banks, retailers be ready for October?

DETROIT – Since the Target data breach affected millions in 2013, American consumers have become painfully aware of how security on their credit cards stacks up against the security in other countries. In Europe and Canada, the "Chip and PIN" system is credited with cutting fraud dramatically. Consumer advocates have been calling for the same security in the U.S., but that's not happening as quickly as some would like.

Currently, retailers and banks are targeting an Oct. 1 deadline to get most credit cards chip-enabled. Many may have noticed the encrypted chips appearing on newer credit cards. The chips are more secure because they cannot be copied and they create a unique code each time they are used.

"I think everybody's on the same page (with) wanting to make transactions more secure," said Alan Bergstrom, senior vice president and chief marketing officer at Community Choice Credit Union in Farmington Hills.

Bergstrom said his company is going full-speed ahead with the switch to chip credit cards. He said he expects the changeover for credit cards should be done by the end of September.

The timing is critical, because starting in October there's a shift in liability for credit card fraud. Currently, financial institutions absorb the cost of bogus transactions. In October, that responsibility will fall to whichever institution hasn't upgraded security.

"If a retailer doesn't have the proper reader to process that chip transaction, then the liability will be on the retailer," Bergstrom said.

To PIN or not to PIN?

While Bergstrom said everyone is on the same page, others disagree, including the Retail Industry Leaders Association.

"I would say the card networks and the banks aren't going far enough," said Brian Dodge, the executive vice president at RILA.

That's because right now, the plans for October call for a "Chip and Sign" process. That means customers will not have to use a PIN at the terminal to complete the transaction. They can just sign their name, as they do now, with the swipe cards.

"We've seen the benefits of chip and pin together in Europe, where fraud has come down substantially," said Dodge.

He believes the best security available involves the "Chip and PIN" system.

"The fact is this technology is not new," Dodge said. "It's not imaginary. The fact that it's not here in the United States is puzzling. (It) should be frustrating for all cardholders."

Bergstrom said he'd also like to see "Chip and PIN" in the future, but he questions if retailers will even be ready to accept the new chip technology by October.

"Where we see some lag is on the merchant's side, the retailer's side," Bergstrom said. "I think the real issue is getting merchants, particularly smaller businesses, to be able to absorb the cost of these much more expensive card readers."

Dodge disagreed, saying, "To the best of my knowledge, retailers are making considerable progress toward being compliant by Oct. 1."

Other players: Where do they stand?

Where do major players like Visa and MasterCard stand on all this? They'd like to allow banks to choose what makes sense for their customers. MasterCard said the chips are a big step forward.

"The chip technology itself really addresses the majority of fraud that the U.S. is seeing," said Carolyn Balfany, MasterCard's senior vice president of U.S. Product Delivery.

Dodge remains steadfast in his belief that the PIN is needed to truly improve security.

"When it's the bank's money at risk, they require PIN numbers. When it's a merchant's money at risk, they're willing to accept a lower level of security."

There are other issues to consider when talking about the constant use of PINs. Bergstrom pointed out that they come with some risks, like forgetting the code, especially if you have a different PIN for each credit card.

"When you forget your PIN at a transaction, the transaction gets denied," Bergstrom said.

Consumers that spoke with Ruth to the Rescue are split, but a slight majority are open to the idea of using a PIN for each transaction.

"I'd rather see the most secure. It's not that more difficult to type in a four-digit PIN," said Michelle Powell of Oak Park.

David Martin of Ferndale took the other side.

"I definitely don't like the idea of entering a PIN every time I make a purchase," he said. "I think I would rate convenience over security up until the moment I got burned."

Join the Debate

Ultimately, you could help shape the debate depending on what level of convenience or security you're comfortable with regarding your transactions. Moving forward, consumers should think about discussing their concerns with their banks and the stores where they frequently shop.

"So, for those people who want the highest level of security, they should demand that from their bank," Dodge said.

Credit card companies also face a challenge in meeting the October deadline. At the end of 2014, only 10 percent of the 1.2 billion cards in America had been chip-enabled.

Ruth to the Rescue will keep you posted in the coming months.

About the Authors: