The security in new microchip-embedded credit cards rolling out in the United States lags behind cards used abroad, according to a freshman senator who cofounded the Senate Payments Innovation Caucus earlier this year. But instead of trying to catch up, the U.S. should get ahead.
‘Chip and signature [cards] … are actually behind where the Europeans and others [are], and we’ll probably leapfrog over that technology very rapidly to get into biometrics and other kinds of security measures,” Michigan Sen. Gary Peters said during an event exploring payment technology held Thursday by The Hill newspaper in Washington, D.C.
Credit card companies in the U.S. are moving away from the old magnetic strip cards that a customer swiped to make a purchase and are issuing cards that use square metallic chips, which generate a unique code for every transaction, making them less vulnerable to fraud. It’s an effort to combat massive breaches of data from millions of payment cards that in recent years have become commonplace at retailers like Target and Home Depot.
Europe has used chip technology for years. But unlike their European cousins, which use a PIN to verify the card user, most American chip cards still only require a signature.
Retailers, which after a Oct. 1 deadline now face increased liability if they don’t update their terminals to read the chip cards, argue that chip and signature cards leave consumers only “partially protected” from fraudsters and don’t offer protection for cards that are lost or stolen.
But the banking and financial services industry has defended the move. And last month, the American Bankers Association objected when the FBI released an advisory that encouraged consumers to use a PIN instead of a signature to authenticate their identity when making purchases. The bureau abruptly changed course and later removed the language in an updated warning.
“We’re addressing the No. 1 type of fraud — counterfeit card fraud — with the chip. The chip doesn’t require the PIN to work,” Jason Oxman, CEO of the Electronic Transactions Association, said at the event.
Financial companies instead have touted the potential of biometrics — using face, voice or fingerprint recognition to verify a card owner.
“Biometrics is going to play a bigger role in payments going forward because it can be more convenient and it can be a stronger form of verification,” said Mark Nelsen, senior vice president of risk products and business intelligence at Visa, who also spoke at the event.
Meanwhile, some U.S. issuers are using cards with PINs, including the federal government. Following an executive order last year, the General Services Administration began rolling out chip and PIN charge cards to federal workers. GSA did not provide information on how far the roll out has gone before press time.
“They’re sending out new cards every day. Literally every day. [And] they’re literally plugging in new terminals every day,” Ben Flatgard, director of cybersecurity policy for the National Security Council, told FedScoop following Thursday’s event. “It’s a pretty dynamic process.”