Despite a run of credit card data breaches, major card issuers are choosing not to offer the most secure version of new credit cards in the US, opting instead for a version that is more convenient for consumers to use. The issuers, including American Express, Bank of America, Citigroup and JPMorgan Chase, are adopting so-called “chip-and-signature” technology for hundreds of millions of new cards rather than “chip-and-PIN” technology.
A chip-and-signature card includes an embedded computer chip that generates a unique transaction code, making it difficult for a hacker to access card information when a cardholder dips the card into a chip-enabled terminal. But it doesn’t require consumers to input a PIN, as the more secure chip-and-PIN technology does. Reason: Issuers fear consumers would find it inconvenient to remember and input PINs. However, if a chip-and-signature card is lost or stolen, it can easily be used for fraudulent transactions because the thief does not need a PIN code and few retailers actually check the signature when a card is used.
Chip-and-PIN technology has become the standard in Europe, Australia and Canada. Just a few issuers are choosing the chip-and-PIN cards for US consumers. These include Target Corp., which fell victim to a major data breach at the end of 2013…Diner’s Club…and the United Nations Federal Credit Union.