Let’s Just Skip Sig and Go to Chip and PIN

by Jay DeWitt on October 28, 2014

in American Express, Card Acceptance, Chip Cards, EMV, Jay DeWitt, Security, Visa

Post image for Let’s Just Skip Sig and Go to Chip and PIN

Last week I was in Victoria, British Columbia doing one of our Glenbrook Payments Assessments. In anticipation of my trip to the North American Land of Chip andPIN, I had both a Visa and an Amex card reissued in the chip format. Neither of my issuers supported PINs on my credit cards, so I was informed by both of the issuers that I’d be in chip and signature mode.

When in Canada, I used my cards many times and my main impression was that this chip and signature stuff was stupid, and it would have been so much easier to have been assigned and using a PIN!

Had I had a PIN, I would have been handed a terminal (which had my card inserted by the clerk and an amount keyed in), accepted the payment, keyed-in a PIN and handed the terminal back to the clerk — done! As it was, we instead had to go through this awkward protocol of me receiving the terminal, handing it back then receiving another slip of paper and pen, finding a free surface on which to sign it, then handing it back to the clerk. To me, that felt like twice the work of the PIN transaction!

ChipandPIN

I’m sure there’s some system preparation required, but I think that for the most part, U.S. issuers are going with chip and signature in the near term to help customers make the transition to chip cards feel as familiar as possible.

Now, as we say in our boot camps, those of us in payments need to exercise caution when extrapolating our perceptions to the wider population as a whole, but my advice to issuers is: let’s make the full leap now — chip and PIN — and get it done with. I think consumers are quickly going to tire of this fumbling around with pens and signatures stuff!

This post was written by Glenbrook’s Jay DeWitt.

5 Responses to “Let’s Just Skip Sig and Go to Chip and PIN”

  1. Fazal Majid says:

    PINs certainly have a customer service impact, but nearly everyone has a debit card and deals with them, so this is a red herring. I suspect the real motive is defending interconnect fees by not making credit transactions look too much like debit ones. Unfortunately, that also means the security benefits of EMV are lost due to Banks’s avarice, as shown by Brian Krebs:
    http://krebsonsecurity.com/2014/10/replay-attacks-spoof-chip-card-charges/

  2. Chip and Signature is ludicrous at this juncture. Sure, the CHIP may protect against the eventual cloning that occurs today with magstripe cards from the massive card breaches of late, but without PIN, it doesn’t protect against losses from “lost and stolen”. Why have this huge POS conversion and yet not get the benefit of that. Besides, many US merchants (and all large US merchants) support PIN debit, so it’s not like they don’t already lean towards PIN entry devices.

  3. Paul Kuykendall says:

    I couldn’t agree more, Jay. This is a ridiculous and unnecessary baby step, especially for the newly issued Debit cards. We are already using our PINs, for crying out loud! Please let us continue to do so.

    Take my (xxxx) credit card for example. (redacted, but this is real). I just received my new chip-enabled card, and was informed it was my new “Chip&Signature” card by the paper insert. OK, it still has a mag stripe, so I should be able to Swipe and Sign. However, if I ever dip this in a terminal, I WANT to use a PIN. So much cleaner, and lower cost for the merchant.

    They speak of friction and not disrupting old consumer habits. However, it is reasonable to infer that money is at the heart of it. Are Chip and Signature more profitable than Chip&PIN, insofar as interchange is concerned?

  4. Bryan Deramn says:

    I agree on PIN over signature. At this point, the signature is such a meaningless practice that “Chip and Nothing” would probably make more sense. I might argue that even the PIN should be omitted for low risk/low value transactions, as it is for contactless transactions in Europe.

    That said, hasn’t Apple Pay totally changed the authentication paradigm? Having biometrically authenticated myself in order to release the card credentials from my phone, the transaction ought to be regarded as fully authenticated without the need for signature or PIN. At the risk of over-extrapolating my own perception, I would much prefer to authenticate myself to my own device than to enter a shared secret into someone else’s POS terminal or ATM.

  5. Peter Braun says:

    At a risk of being an outcast in this discussion, I disagree. There is a reason why currently (almost) everybody in the US uses Signature and not PIN for credit card transactions. I have multiple cards and they have multiple requirements for passwords. One password cannot be used for all so consumers would have to remember all and which one is for which card. Merchants want to make a sale and clearly the lost and stolen fraud is a lesser evil to them.
    Your experience is strictly Canadian. They use PIN and so they do not support Signature well. If they had a device that supports signature you could have completed your transaction just like you would with PIN.
    In the US merchants already are using devices supporting Signature and consumer experience is good. You insert the card, sign, and pull the card out, done. No need to remember which password is on this particular card.
    Brands have a reason why they support signature. They want to make payment frictionless and requesting PIN would go in the opposite direction. Some consumers could go back to cash – has no protection against “lost or stolen” but is easy to use.
    Security should not be at the expense of user experience.

Leave a Reply

Previous post:

Next post:

Clicky Web Analytics