The National Retail Federation (NRF) told the Senate on March 26 that it’s time for an overhaul of the nation’s fraud-prone credit and debit card system, saying banks’ insistence on cards that use a signature instead of a Personal Identification Number puts merchants and their customers at risk.
“Everything a fraudster needs is right there on the card,” NRF senior vice president and general counsel Mallory Duncan said, describing how the cardholder’s name and account number are clearly printed on each card along with the expiration date and security code. “The bottom line is that cards are poorly designed and fraud-prone products that the system has allowed to continue to proliferate.”
Duncan’s comments came in a statement submitted to the Senate Committee on Commerce, Science and Transportation, which held a hearing March 26 on criminal cyber attacks in which consumer card numbers have been stolen. He said current magnetic stripe cards with signatures are too easy to duplicate and forge.
“There are technologies available that could reduce fraud,” Duncan said. “An overhaul of the fraud-prone cards that are currently used in the U.S. market is long overdue.”
NRF has advocated for replacing current cards where consumers sign to approve a transaction with next-generation cards that would require use of a PIN. With or without an embedded microchip, a PIN-based card would provide greater security for consumers and retailers alike, Duncan said.
“Protecting all cards with a PIN instead of a signature is the single most important fraud protection step that could be taken quickly,” Duncan said. “It’s proven, it’s effective, and it’s relatively easily implementable. PIN debit cards are close to ubiquitous worldwide, and readily producible in the U.S. Chip is a desirable add-on. If speed of implementation is of importance, then substituting PIN for signature is preferable to implementing chip.”
Along with switching to more-secure, PIN-based cards, NRF supports additional steps aimed at preventing fraud and data breaches, including end-to-end encryption of data, tokenization rather than storing data, and mobile payments.