By Jim Finkle
BOSTON (Reuters) – Some big U.S. retailers are stepping up efforts to use personal identification numbers, or PINs, with new credit cards embedded with computer chips in a bid to prevent counterfeit card fraud.
But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.
A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.
But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.
Broadly, U.S. banks are unprepared or resisting the change.
The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.
But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.
“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.
Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.
“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”
But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.
EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.
Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.
“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.
PINs are also expensive to implement. Gartner analyst Avivah Litan estimates that banks would have to invest hundreds of millions of dollars in network improvements to support them.
Most retailers have yet to begin using any form of chip technology on credit cards, instead relying on the magnetic strips that are still part of the new cards, even though it now puts them on the hook for fraud losses.
But some are pushing recalcitrant banks, arguing that it is absurd to require them to spend billions of dollars to upgrade their point-of-sale terminals if they are not going to get the added security of chip-and-PIN technology.
“If they really cared about security, it would be a no-brainer,” to use PINs, said National Retail Federation General Counsel Mallory Duncan.
The issue has caused some confusion, even among experts.
A Chase credit card representative this month wrongly tweeted that the firm would soon issue chip and PIN credit cards. A company spokeswoman later said the tweet was a mistake.
The U.S. Federal Bureau of Investigation this month released a public service announcement incorrectly suggesting that all EMV credit cards use PINs, saying “Consumers should use the PIN, instead of a signature, to verify the transaction.” The agency updated the announcement to remove the error.
So far only one PIN credit card is available through a major U.S. retailer, a MasterCard that Target issues through Toronto Dominion Bank.
Target spokeswoman Molly Snyder said her company recently began distributing PIN cards through a rollout that should be completed in the spring.
“We believe that it is the most secure form of payment that is currently available,” Snyder said.
Even though demands for PIN cards are being made by groups representing large retailers, some big merchants say they have no plans to offer PINs.
“Our approach is chip and signature,” said Macy’s Inc spokesman Jim Sluzewski.
JC Penney Co Inc said it has no plans to introduce PINs and has yet to begin processing any chip transactions.
An industry executive said that some retailers have privately confided that they fear widespread PIN adoption could result in slower lines and lost sales from shoppers who forget PINs.
“They don’t want PINs because it clogs up transactions,” said the executive who declined to be named because the discussions were private.
(Reporting by Jim Finkle; Additional reporting by Sruthi Ramakrishnan, John Tilak and David Henry; Editing by Jonathan Weber and Bill Rigby)