MYTH: Fight For PIN Technology Is About “Blame Shifting, Not Cybersecurity.” ““The knock-down, drag-out fight between the retail and financial sectors over PINs for credit cards is really about money and blame shifting, not cybersecurity and consumer protection, say experts.” (Dave Perera, “Chip-And-PIN Fight About Money, Blame, Not Security,” Politico, 5/14/15) FACT: Credit Union Executive Called “Chip And PIN” The “Most We Can Do To Fight Fraud.” “Merrill Halpern, assistant vice president of card services at United Nations Federal Credit Union, said the potential inconvenience isn’t a good enough reason to choose signatures over PINs. The credit union, based in Long Island City, N.Y., is one of the few credit-card companies that issues chip-and-PIN cards. ‘We should be doing the most we can to fight fraud, and the only way to send that message is to stand clearly behind chip-and-PIN,’ he said.” (Robin Seidel, “Why New Credit Cards May Fall Short On Fraud Control,” The Wall Street Journal, 1/4/15)
MYTH: PIN Has Nothing To Do With Cybersecurity. “But PIN has nothing to do with cybersecurity and would address just a small slice of payments fraud, said the nearly a dozen payment system experts contacted by POLITICO.” (Dave Perera, “Chip-And-PIN Fight About Money, Blame, Not Security,” Politico, 5/14/15)
MYTH: PIN Is Not A Crime “Deterrent.” “PIN ‘isn’t really a deterrent to cybercrime,’ said an industry executive speaking on condition of background. ‘That’s a deterrent to petty theft.’” (Dave Perera “Chip-And-PIN Fight About Money, Blame, Not Security,” Politico, 5/14/15) FACT: 61 Percent Of Finance Professionals Believe Chip-And-PIN Cards Will Fight Fraud Best. “Sixty-one percent of survey respondents report that Chip-and-PIN validation will be most effective in preventing credit/debit card fraud.” (“2015 AFP Payments Fraud And Control Survey,” Association of Financial Professionals, Accessed 3/26/15)
MYTH: PIN Does “Nothing” For Card-Not-Present Transactions. “‘As a criminal, the key elements I need for card-not-present fraud card are card holder name, primary account number, and expiration date,’ said Jeremy King, international director of the Payment Card Industry Security Standards Council. ‘I can still hack into the merchant, I can still get those data elements … I can [still] do card not present fraud. Nothing to do with the PIN – the PIN doesn’t enter into card-not-present, at all.’” (Dave Perera, “Chip-And-PIN Fight About Money, Blame, Not Security,” Politico, 5/14/15) FACT: Congressional Research Service: “Chip-And-PIN” Cards Reduce Various Types Of Fraud. “The data analyzed in the study showed that chip-and-PIN is most effective in reducing certain types of fraud, notably – card-present fraud … domestic counterfeit card fraud, committed by manufacturing cards created with valid information from lost or stolen cards, but most often carried out using data stolen in a data breach or ‘skimming’; and … lost and stolen card fraud, committed using an original, activated, and valid card after it is lost or stolen, in both ‘card present’ (e.g., retail) and certain ‘card-not-present’ (e.g., Internet purchase) scenarios.” (Patricia Moloney Figliola, “The EMV Chip Card Transition: Background, Status, And Issues For Congress,” Congressional Research Service, 2/26/15)
MYTH: PIN Discussion About “Running Fight” Over Interchange Rates. “Some see the strident campaign for PIN as actually the latest chapter in the running fight between merchants and the credit card systems over interchange rates – the slice that credit card issuers take from each transaction.” (Dave Perera, “Chip-And-PIN Fight About Money, Blame, Not Security,” Politico, 5/14/15) FACT: Visa & MasterCard Control Reimbursements Via Contractual Agreements.“Merchants do, in fact, reimburse card issuers for both card reissuance and actual fraud losses following a breach based on many factors, including: the number of cards requiring reissuance, the incremental fraud associated with each individual card, and the age of the card and when it was due for reissuance, regardless of a breach. These schedules are contractually agreed upon by Visa and MasterCard and your credit union members. Merchants do not have a say in these reimbursement requirements ... [W]e bring to your attention the specific sections of MasterCard’s operating rules where these sections may be found: 6.4.1 ADC Operational Reimbursement Factors, MasterCard Account Data Compromise User Guide, July 22, 2012. Of course, Visa maintains similar schedules to which your credit unions have contractually agreed to as well.” (“Letter To Credit Union National Association & National Association Of Federal Credit Unions, Retail Industry Leaders Association, 10/30/14)
RILA is the trade association of the world's largest and most innovative retail companies. RILA members include more than 200 retailers, product manufacturers, and service suppliers, which together account for more than $1.5 trillion in annual sales, millions of American jobs and more than 100,000 stores, manufacturing facilities and distribution centers domestically and abroad.
Vice President, Communications and Advocacy