Attorneys general push banks on chip cards

Attorneys general push banks on chip cards
© Getty Images

The largest financial institutions in the United States are under new pressure to mandate the use of PIN codes with new microchip-enabled credit cards.

Attorneys general from eight states and the District of Columbia sent a joint letter Monday urging banks to adopt technology that could reduce the impact of data breaches and credit card fraud.

Banks have issued new chip-based cards this year, bringing the U.S. belatedly in line with most of the world. Retailers have long argued that chip-enabled, or EMV, cards should be accompanied with a secondary four-digit identification PIN code, similar to an ATM code, that consumers would type in, instead of using a signature verification.


“There can be no doubt that this is a less than secure standard, since signatures can be easily forged or copied or even ignored at the point-of-sale,” the attorneys general wrote in the letter.

“In order to better protect consumers, the chip-enabled cards issued in this country must be reinforced with the requirement that consumers enter a PIN to verify the transaction.”

The letter was addressed to the CEOs of MasterCard, Capital One, Visa, Citigroup, Discover, American Express, Bank of America and JPMorgan Chase. The attorney generals of Connecticut, the District of Columbia, Illinois, Maine, Massachusetts, New York, Rhode Island, Vermont and Washington state all signed the memo.

The letter came after an Oct. 1 deadline where merchants who had not upgraded their new technology to accept EMV cards would have to foot the cost of any fraudulent transactions.

Lawmakers held hearings in October with financial institutions and small businesses to discuss the transition to the new technology and how they could make it easier for merchants.

The National Retail Federation applauded the letter, calling chip and PIN “the standard” for card security in the United States and the world.

“This is further proof that top law enforcement officials and security experts agree that continued reliance on an illegible scrawl isn’t good enough to protect American consumers when the technology of a secret, secure PIN is readily available,” said Mallory Duncan, NRF senior vice president and general counsel, in a statement.

However, a major payments group condemned the letter, arguing that PIN technology would not have prevented the breaches at major retail stores, like Target and Home Depot and encouraged retail associations to adopt “multi-layered security solutions, including chip cards, tokenization, biometrics and encryption.”

“Their campaign to mandate PIN is an attempt to prevent the adoption of common sense data security standards, which could protect consumers by preventing hackers from stealing data from big box retailers,” said Sam Fabens, spokesman for the Electronic Payments Coalition, in a statement.

Other states have recommended the use of other security methods to prevent fraud. Hawaii's attorney general suggests implementing biometrics, or fingerprint recognition, for credit card purchases. Georgia's attorney general also withdrew his support from the letter last week.

“Instead of investing in this misguided campaign,” Fabens added, “retailer associations should work with their members to adopt these valuable data security solutions that the payments industry has committed to implementing.”