EMV Rollout: Are PINs Essential?

Reduction in Fraud Could Be Limited If PINs Not Required
EMV Rollout: Are PINs Essential?
Tim Webb

Many issuers of chip-based credit cards will likely allow U.S. consumers to complete transactions with a signature, not a PIN, which will limit the fraud protections offered by EMV cards, says Citizen Financial Group's Tim Webb.

Continued use of signatures for in-person credit-card payments is seen by card issuers as a way to help encourage use of chip-based credit cards, says Webb, senior vice president and director of fraud management of banking product operations at the British-owned American bank based in Providence, R.I. That's because consumers are already accustomed to using signatures to complete purchases with magnetic-stripe credit cards. But Webb says in an interview with Information Security Media Group that signatures don't provide the same level of security as personal identification numbers.

"In many ways, a PIN is more secure because it requires that additional level of authentication," says Webb, a featured presenter at ISMG's Oct. 23 Fraud Summit New York. "In a PIN environment, lost and stolen [card] fraud transactions would be less numerous. [Fraud involving] mail theft - non-receipt of credit card - would be more difficult to perpetrate. In a signature environment, those things could continue."

Weighing the Pros and Cons

Webb said in a followup interview that Citizens Financial has tentatively decided to advise its credit card holders to use a PIN as the preferred authentication method. "Issuers need to weigh the merits of both [PIN and signature] and make their own decision based on their risk appetite and evaluation of both the market they compete in, and their customers' sentiments," he said. "Several large and medium issuers have announced they will issue cards with PIN authentication preferred, and this tends to make it easier for others to follow suit. But again, every issuer has to make an independent, informed decision."

Card issuers are expected to begin a widespread rollout of EMV cards in the U.S. in 2015, a process that could take three to four years to reach most American card users. Payment cards that use the European-Mastercard-Visa standard, which are ubiquitous in many other nations, have encrypted computer chips that provide far better security than the magnetic stripes found on most credit and debit cards now in use in the U.S.

Other nations that have made the shift to EMV eventually saw in-person fraud decline, while card-not-present fraud, such as for e-commerce, substantially grew. That's because chip cards don't play a role in boosting security for online purchases (see Expect a Fraud Surge During EMV Rollout).

In the interview at the Fraud Summit, Webb:

  • Discusses how fraudsters will focus on exploiting the dwindling number of magnetic stripe cards as EMV cards get introduced into the American marketplace; and
  • Explains why more fraudsters will switch their focus to online identity theft because card counterfeiting should be all but eliminated with the introduction of EMV cards; and
  • Describes the potential opportunities for fraudsters to exploit new digital wallet technologies, such Apple Pay.

As senior vice president at Citizens Financial, Webb provides strategic direction and recommendations for fraud detection technologies, best practices and customer experience enhancement. He also works with internal fraud teams to design and implement improvements. Before joining the bank, he served as director of fraud operational strategy at Chase Card Services for more than a decade.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.