THE BLOG
01/15/2015 03:12 pm ET Updated Mar 17, 2015

Credit Cards Need Chip and PIN Protection

ASSOCIATED PRESS

On Monday, President Obama announced a series of measures to improve cyber security and data protections for American consumers. From the Federal Trade Commission offices, the president introduced two proposals -- The Personal Data Notification & Protection Act and The Student Data Privacy Act -- to improve consumer confidence in technology and to combat identify theft.

Earlier projections of the president's remarks also had an expansion of his BuySecure Initiative, launched last year "to safeguard Americans' financial security," that included the implementation of chip and PIN technology for credit and debit cards. Last October, president Obama issued an executive order that required all government-issued payment cards to be equipped with chip and PIN protections. Although yesterday's speech made only a single reference to chip and PIN, the technology is arguably the most crucial element in reforming the country's data security policies and practices.

In fact, following the president's announcement, Virginia Senator Mark Warner, a member of the Senate Banking Committee, called on federal banking regulators to strengthen anti-fraud protections for consumers. In a letter to the Federal Reserve and the Consumer Financial Protection Bureau, Senator Warner pointed to the 380 million individuals affected by the "unprecedented wave of data breaches" over the last few years. While he lauded the president's initiatives for stronger payment security, Senator Warner said he was concerned with the federal banking agencies' lack of emphasis on issuing chip and PIN cards in the private sector in order to ensure "meaningful improvement in consumer safety."

Our current debit and credit card system is comprised of both the magnetic stripe-and-signature card as well as chip-and-signature cards, neither of which can really withstand the unrelenting targeting by sophisticated thieves. Cyber criminals are able to easily clone individual signatures as well as the financial information found on magnetic stripes, using the data to produce counterfeit cards. Chip and PIN-equipped cards, on the other hand, provide an additional layer of security for consumers by generating a unique four digit authentication code required for each individual transaction. Like Senator Warner, I too am puzzled as to why financial institutions continue to issue and encourage chip-and-signature cards when stronger anti-theft technology exists.

The recent high-profile data breaches have elevated the stakes for both financial institutions and merchants alike, and the debate over chip and PIN has been contentious between the two. Retailers and small businesses have argued that the up-front cost of installing the payment terminals needed to accept chip and PIN cards is too high especially since financial institutions have been unwilling to adopt them as a new standard.

Big banks, on the other hand, are "opting for convenience" and have decided to put the onus on the American public, deeming them too lazy and too forgetful to remember a four-digit PIN code. But a 2007 study out of Dublin's Trinity College found that we remember and use an average of eight passwords a day. Every day, millions of American consumers sign into their Facebook accounts, bank accounts, and email accounts. We take out cash from the ATM, shop online, and pay our bills using passwords and PIN codes we can recite from memory. Surely banks have a better excuse as to why they won't upgrade the outdated security system in place?

Regardless, there is a fast-approaching deadline. By October 2015, merchants who don't have the new terminals will be responsible for the cost of fraud if the consumer has a chip-enabled card. But that deadline only requires terminals to accept chip-and-signature enabled cards -- not chip and PIN -- so they are still susceptible to theft and fraudulent activity. That pending deadline creates another barrier to achieving the necessary two-prong approach, since merchants may invest in that technology without assurances from banks and credit card companies that they will adopt chip and PIN cards.

Europe, Australia, Canada, and parts of South America have long since abandoned the stripe-and-signature payment card model opted for chip and PIN over the less reliable chip-and-signature cards. Our stagnation highlights the seeming lack of regard for the livelihood of the American public. In the wake of each and every data breach, consumer confidence plummets and they, along with businesses and the U.S. economy, bear substantial financial burdens they don't deserve.

I agree with some of the new federal initiatives to prevent identity theft and protect consumers' privacy. But they can only do so much. The pressure is now on financial institutions to provide the most secure technology available. Chip and PIN-enabled cards are the solution to the problem consumers so desperately need -- even if it means having to remember another password.

Steve Pociask is president of the American Consumer Institute Center for Citizen Research, a nonprofit educational and research organization. For more information about the Institute, visit www.theamericanconsumer.org. Twitter @consumerpal