President Obama recently announced that, starting next year, all federal government credit and debit cards will feature microchips and require the use of PIN numbers. The technology, called “chip and PIN,” or EMV (Europay, MasterCard, and Visa), is widely used in Europe and considered significantly more secure. Instead of recording all the transactions on the magnetic strip that most U.S. cards possess, the chip creates a unique single-use transaction code that cannot be repeated.
The problem in the United States is that most cards containing a chip still require the card owner’s signature, rather than a PIN, to complete a transaction.
One reason for this U.S. trend may simply be our information overload. In an age when we’re supposed to remember a seemingly endless number of logins and passwords, it’s easy to forget your PIN and leave without buying anything. No one in the credit card industry wants that.
The PIN may also be more dangerous than the pen because it’s used to get cash from an ATM. I don’t know about you, but I’d prefer to have someone steal my credit card and forge my signature than clean out my bank accounts.
Unfortunately, no matter what card issuers require, many U.S. merchants don’t have the terminals they need to process the chips, and most credit cards still have the magnetic strip as a backup. The major credit card companies have said that situation may change significantly by October 2015, when liability for fraud will shift to either the merchant or bank that has not adopted chip technology.
So what should you do? Stay with your current card? Get a chip and signature? Sign up for one of the chip and PIN cards available in the U.S.?
That’s up to you. Just know that ultimately there’s no way to protect any payment card completely. Check your credit card bills and bank statements online each month (or more frequently) to make sure they’re correct, and be thankful that your credit card companies are watching your spending patterns. Hey, even the President’s credit card was declined recently.
If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber, or e-mail me at email@example.com. You can also follow me on Twitter @doughertyshawn