U.S. Credit Cards Tackle Fraud With Embedded Chips, But No PINs

Transcript

ROBERT SIEGEL, HOST:

This year, banks will be reissuing hundreds of millions of credit cards. The new cards will store information about the user on a computer chip embedded in the card. It's supposed to provide a higher level of security for credit card transactions. But the banks are stopping short of another step that would provide even better security against credit card fraud. As NPR's Jim Zarroli reports, a lot of retailers aren't too happy about that.

JIM ZARROLI, BYLINE: Americans use their credit cards a lot, and most of the cards they use operate the same way. The credit card is a swiped through a machine. The machine reads the customer's personal information, which is stored in a magnetic strip on the back. The problem, says Kevin Yuann of the website NerdWallet, is that this magnetic strip is really easy for criminals to access.

KEVIN YUANN: The Target breach, for example, the Home Depot breach - someone skimmed all that card data and then printed out fraudulent cards.

ZARROLI: Now, however, U.S. credit card companies are moving to cards encoded with small chips - the kind of cards long used overseas. And Yuann says fraud will become a lot harder to pull off.

YUANN: That type of fraud won't be able to occur because the chip prevents someone from emulating a card that way.

ZARROLI: The United States has been slow to accept these chip-encoded cards until now because most retailers didn't have the machines that could read them, and they didn't want to pay for them. But later this year, retailers that don't accept cards with chips will be responsible for any fraud that occurs as a result. So the retail industry has invested billions of dollars to buy the new technology. But Mallory Duncan of the National Retail Federation says the new cards won't be as safe as they could be, and he blames the big banks.

MALLORY DUNCAN: It's really disappointing to see that after all of the hacks that have occurred, the banks are only willing to take the steps that protect the banks.

ZARROLI: As anyone who's traveled to Europe lately knows, using a credit card overseas usually requires entering a PIN number, just as you do with your bank card in the United States. But the U.S. banks that issue credit cards didn't want to ask their customers to do that. So they'll just be required to provide their signature the way that they do now, for the most part. Doug Johnson is senior vice president of payments and cyber security policy for the American Bankers Association.

DOUG JOHNSON: Most credit card users in the United States - in fact, the vast, vast majority of them - are not accustomed to using a PIN within a credit environment. So I think that that's something that was central to the decision of the credit card issuers.

ZARROLI: In essence, U.S. consumers aren't used to punching in a PIN number when they buy something with their credit cards. Kevin Yuann says credit card companies did marketing studies and found that requiring PIN numbers would actually turn off customers. U.S. consumers don't like them.

YUANN: The banks want to make sure that cardholders use their card. And so they want to make it as easy for the cardholder - and so until they see adoption of PIN across the system, no bank wants to be the only one with a PIN-only enabled credit card.

ZARROLI: But requiring PIN numbers would make credit cards even safer - a lot safer, in fact. Bank industry officials brushed aside this concern, saying it's a temporary issue. There's a new generation of credit cards coming that won't use numbers at all - not even account numbers. Until then, they say the new chip-encoded cards will provide an extra level of security even if they don't go as far as a lot of retailers would like. Jim Zarroli, NPR News. Transcript provided by NPR, Copyright NPR.