The Chip-and-PIN vs. Chip-and-Signature Debate

emv card reader - signature vs pin

The U.S. remains in the very early stages of the EMV® (short for Europay, MasterCard® and Visa®) payment migration as microchips are being included in new credit and debit cards everyday. Deployment of this global payment processing standard for point-of-sale (POS) transactions was stimulated by the EMV fraud liability shift that occurred in October 2015, ensuring EMV technology participants would not be liable for most counterfeit credit card transactions. In a liability shift scenario, the liability for the transaction would be shifted to the participant with the lowest level (non EMV compatible) card reader technology.

Unlike magnetic stripe cards, chip cards are very difficult to counterfeit because the embedded microchip exchanges unique, dynamic data with a terminal each time it’s used. This tokenization process combined with the microchip make it nearly impossible for cybercriminals to create fraudulent accounts or make counterfeit cards, because the chip itself cannot be replicated.

In America the EMV liability shift deadline has passed but the method of EMV rollout and implementation is causing controversy. Outside of the U.S. in countries where EMV standards are in place chip-and-PIN cards and transactions are standard procedure. But here in the U.S. the only requirement is issuance of chip-and-signature cards. Supporting or not supporting chip-and-PIN verification methods is left to choice for issuing banks and card accepting merchants in the U.S.

With chip-and-PIN, users must enter a four-digit Personal Identification Number (PIN) that corresponds to information embedded in the chip card. Chip-and-signature card transactions are done with the customer’s signature and no PIN is required to complete the transaction.

The majority of retailers and card-issuing banks in the U.S. don’t see the necessity of PIN use in EMV payment transactions regardless of the signature verification approach universally considered less secure than chip-and-PIN.

The federal government has taken a public stance in favor of PIN use in EMV transactions more than once. The FBI advised merchants in a public service announcement to require customers to use a PIN as a more secure option, or at the very least, require customers to present government-issued photo IDs if paying by chip-and-signature. They warned that EMV chip cards were still vulnerable to card-not-present (CNP) fraud, noting their ineffectiveness at preventing stolen or counterfeit cards from being used online or via telephone purchases.

Merchants have expressed concerns that customers may forget their PIN numbers, slowing down transaction times or making the transaction impossible to complete. Hundreds of millions of bank accounts in the U.S. require PINs to conduct transactions with debit cards, as is the case with chip card transactions around the world. This makes it difficult to understand the resistance to issuing chip-and-PIN cards when it offers a greater level of security than chip-and-signature cards. Industry experts anticipate banks will eventually shift to chip-and-PIN issuance noting the inefficiency of not doing everything all at once during this time of transitioning to EMV adoption.

For more information on the benefits of EMV credit card processing, visit www.goemerchant.com/emv. We offer EMV card readers to help your business become EMV compliant and reduce your vulnerability to payment fraud.