Credit Card Companies Knew Security Risks Nearly 25 Years Ago
NEW YORK (MainStreet) A Visa presentation in late February 1990 detailed the "safest product for banks and consumers" a debit card with "less fraud," and yet the personal identification number (PIN)-based card has yet to be widely implemented in the U.S., nearly 25 years later. In testimony to the Senate this week, National Retail Federation senior vice president and general counsel Mallory Duncan said it's time for an overhaul of the nation's fraud-prone credit and debit card system.
Signature-only credit and debit cards "put merchants and their customers at risk," the NRF says.
The association of retailers has posted a presentation agenda on its website of a "Debit Advisors Meeting" held in Phoenix in 1990 where research was presented showing that PIN-based cards provided "more security for consumers, retailers and banks."
So called "PIN and chip" cards utilize an embedded computer micro-chip and require the entry of a PIN number with each transaction, rather than simply a signature. Widely used in Europe, the technology has seen little adoption in the U.S. The credit card industry is considering issuing cards with micro-chips, but transactions could still be completed with either a PIN entry or signature, a process the NRF says defeats the key security provision.
"Everything a fraudster needs is right there on the card," Duncan told the Senate Committee on Commerce, Science and Transportation, describing the security flaws of current credit and debit cards. "The bottom line is that cards are poorly designed and fraud-prone products that the system has allowed to continue to proliferate."
He also noted that current magnetic stripe cards with signatures are too easy to duplicate and forge.
"There are technologies available that could reduce fraud," Duncan said. "An overhaul of the fraud-prone cards that are currently used in the U.S. market is long overdue."
The NRF has urged card issuers to distribute next-generation cards that would require use of a PIN. With or without an embedded microchip, the NRF contends a PIN-based card would provide greater security for consumers and retailers alike.
"Protecting all cards with a PIN instead of a signature is the single most important fraud protection step that could be taken quickly," Duncan said. "It's proven, it's effective, and it's relatively easily implementable. PIN debit cards are close to ubiquitous worldwide, and readily producible in the U.S. [While a] chip is a desirable add-on, if speed of implementation is of importance, then substituting PIN for signature is preferable to implementing chip."
Along with switching to more-secure, PIN-based cards, the NRF supports additional steps aimed at preventing fraud and data breaches, including end-to-end encryption of data, tokenization rather than storing data, and mobile payments.
--Written by Hal M. Bundrick for MainStreet