United States

The true impact of Chip and PIN: Separating fact from fiction


Download whitepaper

The credit card brands have mandated that U.S. merchants must accept Chip and PIN payment cards starting in October 2015. This news is viewed as a boost to credit card security, following several high-profile breaches at major retailers. However, implementing Chip and PIN technology is not the cure-all for the card industry’s security ills.

Contrary to popular belief, Chip and PIN technology does not reduce Payment Card Industry (PCI) scope or greatly increase overall security. However, Chip and PIN does discourage fraud by making it difficult to clone stolen credit cards. Basically, a traditional magnetic stripe credit card is static and can be used to create fraudulent cards, while Chip and PIN cards are dynamic, creating a new message for each transaction.

The migration to Chip and PIN also signals a liability shift for fraud. The card brands endorsing Chip and PIN have communicated that the party, either the merchant or bank, using lesser technology will be responsible for any fraudulent transactions.

Unfortunately, the conversion process to Chip and PIN is costly for both merchants and banks. Merchants must install new PIN pads and potentially new point-of-sale systems to accept the new cards. Banks must issue new credit cards to all customers to replace existing magnetic stripe cards.

The Chip and PIN mandate is mostly about combating credit card fraud, and not increasing security or satisfying PCI requirements. Merchants must decide whether to implement the technology, considering the cost, potential liability and relationship with the acquirer or processor.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.




AML and regulatory compliance webcast series: Winter 2018

  • February 13, 2018


Cybersecurity risks for employee benefit plans

  • January 11, 2018


Understanding cybersecurity and operational risks of cryptocurrency

  • November 09, 2017


Cybersecurity best practices and considerations for the public sector

  • October 26, 2017


Learn the real cost of a data breach

  • October 17, 2017