IRMA: Your New “Chip and Sign” Credit Cards Are Not Secure Enough

IRMA letterhead logo

September 24, 2015 Catie Sheehan, 217-220-1717


SPRINGFIELD –Many Illinoisans have already received new replacement credit and debit cards in the mail—each with a computer chip to go along with the new credit card rules imposed by financial institutions that will be implemented on October 1, 2015. Banks and credit card issuers say these chips offer enhanced protection for consumers against fraud. “IRMA believes these chip-and-sign credit cards do not do enough to protect consumers from fraud,” said IRMA President and CEO Rob Karr. “There’s a better method out there that utilizes the chip technology, and we should be using that.”

Starting October 1, 2015, there will be major changes in how credit card transactions are processed and who will be responsible for fraud costs. “Illinois retailers are gearing up their stores to be ready to take cards with chips in them; if they don’t make the upgrades for chip technology by October 1, retailers will be responsible for covering fraud instead of the banks or credit card issuer,” said Karr. Prior to this change, banks have been responsible for a share of fraud losses when a counterfeit card is used, and retailers are on the hook when the person using the card is not the authentic cardholder. Consumers will notice the change when they use their credit cards in the way they insert them in the payment terminals instead of swiping and signing.

“We applaud banks for taking a first step, but consumers need to be aware these new credit cards are not significantly safer than their old ones,” said Karr. “Unfortunately, this means consumers are still at risk. Banks took a baby step here. Retailers are investing billions in point-of-sales systems so we are ready to accept the safest possible cards as soon as banks decide to fully protect consumers.”

Instead, IRMA would like to see the “chip-and-PIN” technology used with credit and debit cards to effectively cut down on fraud for consumers, retailers and banks. Karr says retailers believe the shift in liability is unfair because the chip-and-sign cards reduce banks’ limited exposure to fraud but don’t significantly reduce fraud for retailers or consumers.

Chip-and-signature cards require a signature like the former system, but therefore, face the same issues as the old legacy cards such as forgery and replication. “According to the Federal Reserve, chip-and-PIN cards are 700 percent more secure than chip-and-signature,” said Karr. “Despite these concerns, card issuers and financial institutions have chosen the less secure chip-and-signature cards that continue to put U.S. consumers at risk.”

Chip-and-PIN cards credit/debit cards have a chip just like the chip-and-sign cards, but the chip-and-PIN cards hold the cardholders’ personal identification number (PIN) data. To use a card, a customer must enter a PIN number instead of a signature to complete a transaction. Each transaction generates a new code, making the information difficult to intercept and cards almost impossible to counterfeit. Requiring a PIN number for every transaction eliminates fraud based on forgery and renders a stolen credit card useless to a thief who attempts to make a purchase at a local store.

Karr says while the United States is shifting to the unsecure payment method of chip-and-sign, every other G-20 nation has replaced the magnetic stripe cards with chip-and-PIN cards within the last 12 years. Chip-and-PIN technology was first implemented in the United Kingdom in 2003. After it was introduced, credit card fraud in the U.K. plummeted 67 percent within six years due to banks and merchants using chip-and-PIN cards. Since it has been more difficult to compromise the chip-and-PIN cards, criminal elements have focused their attention on the only developed country in the world that does not use chip-and-PIN technology. During this same period as fraud decreased in Europe, data breaches that included credit card fraud in the U.S. increased. In 2012, U.S. consumers accounted for 47.3 percent of worldwide payment card fraud losses. “We have a real problem here,” said Karr.

The retail industry isn’t the only industry that recognizes that a shift to a chip-and-PIN system is imperative to consumer safety. The U.S. federal government has implemented chip-and-PIN for all new and existing government credit and debit cards. As the government and retailers invest in new and more secure terminals at registers, so too must the card issuers and financial institutions provide more safety for consumers.

Card issuers and financial institutions have made conflicting statements as to why they are issuing more fraud-prone credit cards to their American customers. In a recent Wall Street Journal article, a senior executive at MasterCard said many consumers find it difficult to remember a four-digit PIN number. Anecdotally, this argument seems hard to swallow given that millions of Americans regularly enter a four-digit code to use an ATM machine or to unlock their smartphone.

“Chip-and-signature cards do not go far enough to protect American consumers and will continue to make the U.S. an attractive target for criminals who can no longer be successful in compromising credit card data elsewhere,” said Karr. “Card issuers and financial institutions need to join the U.S. government and retailers in adopting the chip-and-PIN model to better protect U.S. consumers.”


About the Illinois Retail Merchants Association (IRMA)

One of the largest state retail organizations in the United States, IRMA serves as the voice of retailing and the business community in state government. Founded in 1957, IRMA represents more than 23,000 stores of all sizes and merchandise lines. From the nation’s largest retailers to independent businesses in every corner of the state, merchants count on IRMA to fight for the best possible environment in which to do business in Illinois.