The biggest financial institutions in the U.S. are under renewed pressure to mandate the use of PINs with new chip-based payment cards.
On Monday, the attorneys generals of nine U.S. states sent a joint letter to the companies, urging them to adopt the technology as a way to reduce the effectiveness of data breaches and card fraud.
Banks have issued millions of chip-based cards this year, bringing the U.S. belatedly in line with most of the rest of world, but while other countries switched to PINs as they introduced the cards, the U.S. has stuck with signatures as a second form of identification.
The new cards electronically transmit one-time codes instead of card numbers when customers pay. That eliminates the risk of data breaches from malware in store systems like those that hit millions of customers at Target and Home Depot, but it doesn't stop fraudulent in-store transactions from taking place.
"There can be no doubt that this is a less than secure standard, since signatures can be easily forged or copied or even ignored at the point-of-sale," the attorneys general wrote in their letter. "In order to better protect consumers, the chip-enabled cards issued in this country must be reinforced with the requirement that consumers enter a PIN to verify the transaction."
The letter was addressed to the CEOs of Bank of America, JP Morgan Chase, Citigroup, Capital One, Visa, Mastercard, American Express and Discover, and came from the attorneys general of Connecticut, the District of Columbia, Illinois, Maine, Massachusetts, New York, Rhode Island, Vermont and Washington.
The attorneys general are often involved in cases involving data breaches, thus their desire to see financial card fraud reduced.
Behind the reluctance of card issuers to force the use of PINs is the competitive U.S. financial services market. No bank wants to be the first mover in case consumers think remembering a PIN is troublesome and switch to other cards in their wallet that still allow signatures.
Retailers, which have invested millions of dollars in new payment terminals to accept the cards, have been calling for the use of PINs for several months. On Monday, the Retail Industry Leaders Association applauded the letter, calling chip and PIN the "gold standard" for card security.
"There simply is no honest explanation for banks to refuse to provide Americans with the same credit card security offered in Canada and Europe," the group said.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.