The true impact of Chip and PIN: Separating fact from fiction
WHITE PAPER |
The credit card brands have mandated that U.S. merchants must accept Chip and PIN payment cards starting in October 2015. This news is viewed as a boost to credit card security, following several high-profile breaches at major retailers. However, implementing Chip and PIN technology is not the cure-all for the card industry’s security ills.
Contrary to popular belief, Chip and PIN technology does not reduce Payment Card Industry (PCI) scope or greatly increase overall security. However, Chip and PIN does discourage fraud by making it difficult to clone stolen credit cards. Basically, a traditional magnetic stripe credit card is static and can be used to create fraudulent cards, while Chip and PIN cards are dynamic, creating a new message for each transaction.
The migration to Chip and PIN also signals a liability shift for fraud. The card brands endorsing Chip and PIN have communicated that the party, either the merchant or bank, using lesser technology will be responsible for any fraudulent transactions.
Unfortunately, the conversion process to Chip and PIN is costly for both merchants and banks. Merchants must install new PIN pads and potentially new point-of-sale systems to accept the new cards. Banks must issue new credit cards to all customers to replace existing magnetic stripe cards.
The Chip and PIN mandate is mostly about combating credit card fraud, and not increasing security or satisfying PCI requirements. Merchants must decide whether to implement the technology, considering the cost, potential liability and relationship with the acquirer or processor.