Payment cards: Is the PIN more dangerous than the pen?

By Shawn Dougherty November 10, 2014

Shawn DoughertyPresident Obama recently announced that, starting next year, all federal government credit and debit cards will feature microchips and require the use of PIN numbers. The technology, called “chip and PIN,” or EMV (Europay, MasterCard, and Visa), is widely used in Europe and considered significantly more secure. Instead of recording all the transactions on the magnetic strip that most U.S. cards possess, the chip creates a unique single-use transaction code that cannot be repeated.

The problem in the United States is that most cards containing a chip still require the card owner’s signature, rather than a PIN, to complete a transaction.

One reason for this U.S. trend may simply be our information overload. In an age when we’re supposed to remember a seemingly endless number of logins and passwords, it’s easy to forget your PIN and leave without buying anything. No one in the credit card industry wants that.

The PIN may also be more dangerous than the pen because it’s used to get cash from an ATM. I don’t know about you, but I’d prefer to have someone steal my credit card and forge my signature than clean out my bank accounts.

Unfortunately, no matter what card issuers require, many U.S. merchants don’t have the terminals they need to process the chips, and most credit cards still have the magnetic strip as a backup. The major credit card companies have said that situation may change significantly by October 2015, when liability for fraud will shift to either the merchant or bank that has not adopted chip technology.

So what should you do? Stay with your current card? Get a chip and signature? Sign up for one of the chip and PIN cards available in the U.S.?

That’s up to you. Just know that ultimately there’s no way to protect any payment card completely. Check your credit card bills and bank statements online each month (or more frequently) to make sure they’re correct, and be thankful that your credit card companies are watching your spending patterns. Hey, even the President’s credit card was declined recently.

If you want to enter the cyber insurance market or learn about any of ISO’s various cyber insurance product offerings, visit the ISO Cyber Risk Solutions website, www.verisk.com/cyber, or e-mail me at sdougherty@iso.com. You can also follow me on Twitter @doughertyshawn


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.