With the US set to adopt EMV technology in 2015, this may finally be the year that the US catches up to Europe and other countries around the world when it comes to credit card security. However, a report from the Wall Street Journal indicates that financial institutions are opting for a less secure method of EMV instead. Why? Banks are blaming the customers, but it looks like the real reason is to cut costs while fulfilling the bare minimums of EMV.The Journal reports that banks are choosing to use chip-and-signature cards, which require a customer's signature as a second form of authentication, instead of chip-and-PIN cards, which require a four-digit PIN code. Chip-and-PIN is more secure, since signatures can be easily copied.
According to the WSJ, the reason is so "customers won't be burdened at the checkout line to remember a new four-digit code." But, this contradicts what analysts have been saying. Experts I've spoken to consider chip-and-signature less secure than chip-and-pin and less desirable for customers. One analyst mentioned that debit cards require a four-digit PIN code already and customers don't seem to be struggling with that. Problems could arise for some customers, but for the overall security benefit, chip-and-PIN may be the better option.
JPMorgan Chase, the biggest issuer in the country, initially said they'd be supporting chip-and-PIN but it seems as if they've shifted to chip-and-signature. Bank of America, Discover, and Citigroup are all using chip-and-signature as well. Meanwhile, merchants aren't happy -- Target, which suffered a massive breach last year, is using chip-and-PIN for its store branded cards.
Why are banks going with chip-and-signature? It seems to imply that they don't take the customers security seriously. Chip-and-signature is the bare minimum for EMV, which financial institutions in the States have been resisting for about a decade. By picking chip-and-signature, banks are leaving their customers more susceptible to fraud and while telling customers and shareholders that they are "updating their technology for security."
All signs point towards this being a cost cutting move by the financial institutions who are reluctantly adopting EMV technology.