Please sign in to post.

CHIP and PIN to be a new standard for US federally issue cards

Just saw this from the AP. Looks like we will have this by this time next year, as whatever the Feds do, commercial banking will certainly have to support. Trimmed to fit, some cruft removed from actual article.

Associated Press

WASHINGTON (AP) - Saying more must be done to stop data breaches affecting consumers, President Barack Obama announced on Friday a government plan to tighten security for the debit cards that transmit federal benefits like Social Security to millions of Americans.

Cards issued by the federal government will now have an internal chip replacing magnetic strips to reduce the potential for fraud. Concern is growing over the security of Americans' financial data, with an estimated 100 million people having been affected by breaches in the past year, including at big retailers like Target and Home Depot.

In addition, the government will apply the security chips and personal identification numbers, called PINS, that replace signatures to all existing and newly issued government credit cards, Obama said. Payment terminals at federal government facilities will be equipped to handle cards with the new technology.

The White House says the idea of the government program is to lead by example, to nudge the broader financial industry and retailers toward more secure standards.

Obama noted that Home Depot Inc., Target Corp., Walgreen Co. and Wal-Mart Stores Inc. plan to install payment terminals in their stores equipped to handle cards with digital security chips and personal identification numbers, called PINS, which replace signatures.

Obama also cited a plan by American Express Co. to support small businesses that upgrade their payment terminals with more secure standards, and a program by payments processor Visa Inc. to inform consumers and merchants about the new technologies.

Obama's executive order also calls for the government to take new measures to help victims of identity theft. The Federal Trade Commission will develop a new website for consumers to report identity theft and remedy errors with credit reporting.

And Obama called on Congress to enact a single national standard for retailers to notify consumers of data breaches, to replace a patchwork of state laws. Proposals have languished in Congress.

In the wake of the massive data breaches, banks and retailers have sped the adoption of digital chips for credit and debit cards. They've set a deadline of October 2015 for wide use of chips in cards and payment terminals.

The financial and retail industries have been at odds over solutions and adopting new security technology. The retailers have insisted that banks must upgrade the technology for the credit and debit cards they issue. Banks have countered that retailers must tighten their own security systems for processing card payments. They say it isn't clear whether the digital chips would have prevented many of the retail breaches.

Retailers want the chips, but they also want each debit or credit card transaction to require a PIN. Experts say it's harder for criminals to steal PINS than to forge signatures.

The magnetic strips use the same technology as cassette tapes to store account information and are easy to copy. By contrast, a digital chip generates a unique code each time it's used. Criminals can steal and sell data from cards with chips, but they can't create fraudulent cards.

The National Retail Federation's president, Matthew Shay, said the group "continues to work with our members and other stakeholders on practical and comprehensive solutions that are less about process and more about progress toward how we collaboratively prevent and combat this criminal activity."

Copyright 2014 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Posted by
7937 posts

Thanks for the article, Glenn. Now maybe we'll just be having problems with automated gas pumps in the US, waiting for everything to become standardized. :-)

Posted by
4415 posts

Not exactly related, but I've had my Wells Fargo card for a while. Haven't taken it out for a spin yet, but it's working quite well $$$ online ;-)

I've mentioned this several times over the years on other threads, but poor Target had C-n-PIN readers 15 years ago (at my local store, anyway). They were eagerly awaiting The New Way to Pay......(crickets)......then finally removed them about 5 years ago. I hope they kept them in the back room ;-) I'm sure somebody at Target this last year (after the security breach) was yelling, 'Yeah, we HAD the stupid readers IN THE STORES!!!'

Posted by
2262 posts

"...some cruft removed from actual article"
Thanks for a new word, Glenn!

Posted by
32350 posts

Glenn,

Thanks for posting that. It's good to see that something is finally happening to "get with the program". In reading the article, the writer seemed to be giving the impression that this was a "new idea". No mention was made of the fact that this technology has been in use in the rest of the world for many years.

Posted by
197 posts

To follow up with what Eileen & Ken posted, I have a chip & pin card from my bank (USAA) but it still has the magnetic strip on it (for use in the U.S.). What this means is that you will still be asked to sign a credit receipt in most cases in France & Switzerland at stores, restaurants & hotels (where I have used my card). The only time I have been asked for my pin has been buying tickets out of Metro & RER machines. Even buying a carnet from the Metro ticket booth, I had to sign the receipt. Until the pin readers are installed everywhere in the U.S., I would think the magnetic strip method will still be with us for awhile. I am not sure the pin readers here in the U.S. will override the magnetic strip.

Posted by
7885 posts

Tom, I have read some suggestions that when the brand-new (as opposed to Target's storage closets .. ) POS terminals are rolled out, they will "know" that a stripe card also has a chip, and will demand that it be inserted for the more secure transaction. Naturally, that has nothing to do with following sensible, world-wide-elsewhere practices that were Not-Invented-Here. Rather, it would have to do with the merchant's NEW liability for fraud when ... the card HAD a chip!

Posted by
2857 posts

Having already had two different cards cloned this year, thank you first Albertson's and second Home Depot, plus a third card skimmed when my son did not notice the skimmer on the gas pump, I can't wait. Oh, and the replacement card for the Albertson's clone is likely awaiting cloning when Albertson's had a second issue with their supermarkets. in September.

Posted by
32350 posts

@Tom,

What this means is that you will still be asked to sign a credit receipt in most cases in France & Switzerland at stores, restaurants & hotels

My Chip & PIN cards also have a magnetic strip, but I've found that in the majority of cases the merchants have processed transactions using the C&P system (and that includes one purchase in Switzerland). Only once on my recent month-long trip was I asked for a signature. With the Trenitalia ticket Kiosks, every purchase that I made was processed via C&P.

Posted by
5456 posts

Most, but not all USA-issued cards are set up so signature is the prime authentication method, with PIN being down the list and only coming to play in unattended terminals.

Posted by
4535 posts

Re: Tom - All cards will continue to have a magnetic strip. It is a backup system and has nothing to do with the chip & PIN technology or how it is typically used. If you, or a vendor, runs the card through the strip the old fashioned way, it will still work the old way. To read the chip, a card has to be inserted short end first into a slot that reads the chip. If PIN is the primary validation protocol, it will ask for a PIN. If signature is the primary validation protocol, it will ask for a signature. The protocols are established by the card-issuing bank. Unfortunately, many US card issuers still use signature as the primary protocol and that won't always work in European machines.

Posted by
61 posts

For those who have been commenting on the stripe - Walmart is currently using a CHIP reader on the terminals here in Tucson, and if you attempt to swipe the stripe, it tells you to actually insert the card. it will not authenticate it. So there is obviously something that indicates its a CHIP enabled card. Also, noticed when I got back to the states and used my normal CC at a Walmart, if you use a strip card, it will ask you to put in the CSC code from the back of the card for verification.

My feeling is that stripe cards will co-exist for a while, but once the CHIP cards become more prevalent, you'll see much more terminals with the technology to read them popping up, and as a result, more banks will start issuing CHIP and PIN, vs. the few CHIP and SIG that are the offerings now, with some rare exceptions. For the folks who have pure EU CHIP/PIN cards if they come with a stripe or not, for cards not meant to be used outside of the EU?

Glenn

Posted by
1692 posts

My cards all have a magnetic stripe on them. This is for where the Chip and Pin is not working or not available. But they have the stripe.

I remember when Chip and PIN came to the UK. They had a stand in the local mall, and they said about the security and novelty of chip and PIN. I mentioned 'like they've been using in France for the last decade?'

I did not even get the free sticker.

One thing Chip and PIN does, and I have been guilty of, is people forget to sign the card. Technically the card is not valid without a signature but if it is not being checked....

I am now off to my wallet with a pen to sign all my cards.

Posted by
197 posts

I guess my confusion occurred when I asked for a chip & pin card from my bank, I expected I would need to use a pin every time I used the card here in Europe. That has not been the case in two countries over the last month. I have only been asked for a pin twice using ticket machines-everything else has been signature. The idea was to cut down on potential fraud but a signature receipt doesn't really do that. However, I am certainly more educated now based on the excellent responses on this posting and this something I will take up with my bank when I get home.

Posted by
4415 posts

FWIW, those now 'in storage' Target C-n-PIN readers read our mag stripe-only cards for the intervening 10+ years...They just need a little dusting off and they're good to go. IF they're in some 'storage room'...and NOT in a landfill.

Posted by
4853 posts

This is the part I love, they're all standing in a circle pointing at each other while we suffer:

"The financial and retail industries have been at odds over solutions and adopting new security technology. The retailers have insisted that banks must upgrade the technology for the credit and debit cards they issue. Banks have countered that retailers must tighten their own security systems for processing card payments. They say it isn't clear whether the digital chips would have prevented many of the retail breaches"