The executive who oversees payments at the nation’s largest retailer Walmart doesn’t think highly of the switch to chip-based technology by credit card issuers in the United States.
The move to the more advanced “chip & signature” system isn’t advanced enough to thwart cyberthieves, said Mike Cook, Walmart’s assistant treasurer and a senior vice president, at this week’s Electronic Transaction Association’s Transact conference in San Francisco.
“Chip and PIN” cards, adopted widely throughout Europe, are generally considered safer than “chip and signature” cards. That’s because most cashiers or point-of-sale personnel do not verify a person’s signature on the card. But moving to chip cards from magnetic-stripe cards is a huge step in the right direction, most security experts say.
Nonetheless, Cook told CNNMoney that “the fact that we didn’t go to PIN is such a joke.”
Over the last few months, JPMorgan Chase, the largest bank credit card issuer, and other card providers, have started to issue the long-awaited ‘chip and signature’ credit cards to their customers with the added security feature.
Unprecedented payment card data breaches against big retailers, such as Target and Home Depot, and most recently against JPMorgan Chase itself, has fueled the faster adoption of chip-based cards over the past 18 months.
But did card issuers make a mistake by surpassing the “chip and PIN” systems?
“Signature is worthless as a form of authentication,” Cook said during a presentation at the conference. “If you look at the Target and Home Depot breaches … not a single PIN debit card needed to be reissued in those breaches. The card number was worthless to the individual thief and fraudsters, because they didn’t know the PIN.”
The new “chip & signature” program is barely an improvement on security and fraud, Cook asserts.
When the United Kingdom initiated chip-and-PIN, the result was a significant decrease in fraud related to both the counterfeiting of cards and the theft of card data. By using chips alone, the U.S. would only cut down on counterfeiting, Cook says.
Both major payment card networks , Visa and MasterCard, assert that counterfeiting makes up the vast majority of credit card fraud. So moving to “chip and signature” addresses the biggest security issue hurting banks and shoppers, who keep getting reissued cards every time there’s a major hack.
As long as “chip and signature” systems are dominant, many banks will hesitate in adopting the PIN systems to avoid alienating, or annoying, customers further by saddling them with yet another code to memorize.
Moreover, fast-developing mobile payments systems such as Apple Pay, Samsung Pay and Android Pay are helping by hiding consumers’ credit card number from retailers, and using one-time codes that are useless to hackers and thieves. Banks hope that these mobile payment platforms will erase the need to move into “chip and PIN” systems over the next few years.