United States

The true impact of Chip and PIN: Separating fact from fiction


Download whitepaper

The credit card brands have mandated that U.S. merchants must accept Chip and PIN payment cards starting in October 2015. This news is viewed as a boost to credit card security, following several high-profile breaches at major retailers. However, implementing Chip and PIN technology is not the cure-all for the card industry’s security ills.

Contrary to popular belief, Chip and PIN technology does not reduce Payment Card Industry (PCI) scope or greatly increase overall security. However, Chip and PIN does discourage fraud by making it difficult to clone stolen credit cards. Basically, a traditional magnetic stripe credit card is static and can be used to create fraudulent cards, while Chip and PIN cards are dynamic, creating a new message for each transaction.

The migration to Chip and PIN also signals a liability shift for fraud. The card brands endorsing Chip and PIN have communicated that the party, either the merchant or bank, using lesser technology will be responsible for any fraudulent transactions.

Unfortunately, the conversion process to Chip and PIN is costly for both merchants and banks. Merchants must install new PIN pads and potentially new point-of-sale systems to accept the new cards. Banks must issue new credit cards to all customers to replace existing magnetic stripe cards.

The Chip and PIN mandate is mostly about combating credit card fraud, and not increasing security or satisfying PCI requirements. Merchants must decide whether to implement the technology, considering the cost, potential liability and relationship with the acquirer or processor.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.




ERP implementation risks and their impact on your organization

  • March 29, 2017


2017 cybersecurity outlook and key considerations for nonprofits

  • January 31, 2017


2017 economic and risk outlook

  • January 09, 2017


AML and regulatory compliance webcast series—Fall 2016

  • December 15, 2016


PCI DSS 3.2—What’s next?

  • December 08, 2016