Chip-and-PIN Technology Needed to Protect Consumer Information

October 2, 2017

By Matt Foley
Senior Manager of Government Relations

With shoppers visiting supermarkets often more than once a week, independent grocers have long been committed to protecting shoppers’ personal information. Many go above and beyond current security requirements by investing millions of dollars toward instituting end-to-end encryption, tokenization, and further exploring best practices and emerging technologies that will allow them to better safeguard customer data. This October—Cybersecurity Month—on the two-year anniversary of the United States transitioning from magnetic strip electronic payments to EMV chip cards, we’re again reminded that card-issuing banks continue opting for the less-secure chip-and-signature technology.

As high-profile breaches over the past few years have increased public awareness of payment security, consumers and businesses alike are eager to prevent fraud. There’s good reason too—the cost of fraud has skyrocketed from $23 billion in 2013 to $32 billion in 2014.

Chip-and-PIN technology is over 700 percent more secure than chip-and-signature, according to the United States Federal Reserve, yet card networks don’t allow businesses to require a PIN for credit. The Federal Bureau of Investigation (FBI) also urged consumer use a PIN with their new chip cards, but later revised the statement and omitted the PIN recommendation after receiving pressure from the American Bankers Association.

Unsurprisingly, the majority of consumers (62 percent) would prefer to be issued chip-and-PIN cards, according to a 2015 study by the National Retail Federation (NRF). Another 63 percent believe that chip-and-PIN provides more security than simple chip-and-signature. NRF’s survey indicated that 83 percent of consumers would consider it worthwhile to remember another PIN in exchange for greater security.

This isn’t new technology either. In fact, Visa has advertised the security of benefits in other countries, where chip-and-PIN has been standard since the mid-1990s. Despite this, EMVco (which is co-run by Visa and MasterCard), gave retailers no option for recourse. Instead, businesses were forced to abide by the terms or no longer accept credit or debit cards from Visa and MasterCard.

Implementing standard fraud prevention technology isn’t a radical idea—it should be common sense. That’s why NGA supports creating a standard-setting body that will ensure participants, including businesses, have a voice in standards setting for payments.

Until then, Cybersecurity Month marks just another year of card-issuing banks preventing chip-and-PIN technology from being implemented everywhere but the United States.

For more information, contact Matt Foley, senior manager of government relations, via email at