EMV And Pins: What Does My Truckstop Need To Know?

Is EMV the most secure payment method available?
More
 

NATSO has received a number of questions from truckstop owners and operators regarding the October 1, 2015 “EMV Shift” – this refers to Visa and MasterCard’s plans to begin aligning credit and debit cards in the United States with those companies’ proprietary chip technology.

To meet our members' need for information on this topic, NATSO has prepared a detailed Question-and-Answer document answering some of the key questions on this important topic. Read the detailed document at The Upcoming “EMV Shift” – What Truckstop And Travel Plaza Operators Should Know

This week we will feature several points in the document on the blog. Today I’ll answer:

EMV And Pins: What Does My Truckstop Need To Know?

- Is EMV the most secure payment method available?
No, and this is important to keep in mind. The best way to prevent card-present fraud is to require all customers to enter a secret PIN before they consummate every transaction.  This way, only a card’s true owner can use it. The card companies, however, are not requiring PINs.  They are only requiring customer signatures.  

Signatures pose obvious problems –forgery is difficult to verify on-site (in fact many card companies’ merchant agreements prohibit merchants from rejecting transactions based on the signature). In those instances where a consumer reports what they think is a fraudulent charge, signatures are usually the verification method that is used.  This is a major concern for the merchant community. 

- Why does the merchant community prefer PINs?
It all has to do with which party is liable for which types of fraudulent transactions.  Banks are held responsible for guaranteeing that cards are legitimate…they cover the costs for counterfeit cards.  Retailers, on the other hand, are responsible for verifying that the cardholder is actually the cardholder...they cover the costs when that is not the case.

Under the new EMV system, the chip in each card will make it very difficult to create a counterfeit credit card (which will assuage banks’ concerns).  But because Visa and MasterCard are not requiring PINs as part of this EMV switch, it becomes very difficult to ensure that the card-user is actually the card-owner. (Signatures are very easy to forge.)  This leaves merchants vulnerable for fraudulent transactions, even if they implement EMV systems. 

In other words, the EMV switch in a lot of ways is fixing the part of the system that banks bear responsibility for, but not the part of the system that merchants bear responsibility for.

- Why don’t Visa and MasterCard require PINs if PINs make the system more secure?
They claim that they don’t want to “inconvenience the customer” by requiring the customer to enter a PIN, but this not the true reason.  In reality, those companies want to strengthen their market duopoly. 

When signatures are used, Visa and MasterCard have the market locked up.  If a Visa or MasterCard is used using signature, those transactions will only travel across Visa or MasterCard’s networks, respectively.  This means more money in the card companies’ pockets.

In the PIN world, however, there are several competitors for the network routing for those transactions.  This reduces market share for Visa and MasterCard. Thus, if Visa and MasterCard were to require PINs, the merchant could send that transaction over different networks, and the network gets a lesser per transaction fee.  This increased competition is exactly what Visa and MasterCard are trying to avoid.

- Can’t Merchants simply require PINs even if Visa and MasterCard don’t?
It’s not so simple. To make sure that signature remains the industry standard, the card brands have provided incentives to consumers to use signature rather than PIN. This includes offering rewards for credit card usage (“credit card points”), offering contests that are open only to signature cards, an assessing PIN fees.  As a result, when retailers try to unilaterally introduce the more secure PIN transactions, consumers reject it.

- So if I were to require a PIN, would the EMV switch solve all of my data security concerns? 
Not by a longshot.  Although EMV makes the creation of fraudulent cards very difficult, and PIN gives retailers the assurance that they are accepting card payments from the rightful owner, EMV transaction security ends there.  It does nothing to protect payments data that is in transit from the acceptance point to the card networks. This sensitive card-holder data contained on the card remains vulnerable to theft once it leaves the payment acceptance device.  Indeed, if Target had switched to EMV before it was breached, that would have done nothing to stop their breach.

Read our full review here

///One of NATSO’s primary roles is to deliver solutions to members’ challenges. Each day members tap into the expertise of myself and other NATSO staff members for answers to some of their most pressing questions. If you have questions on the rule, be sure to reach out to me at dfialkov@natso.com or (703) 739-8501 with questions. 

This blog post is intended to provide general information and recommendations and should not be considered legal advice. This information may be subject to regulations and restrictions in your state.

Subscribe to Updates

NATSO provides a breadth of information created to strengthen travel plazas’ ability to meet the needs of the travelling public in an age of disruption. This includes knowledge filled blog posts, articles and publications. If you would like to receive a digest of blog post and articles directly in your inbox, please provide your name, email and the frequency of the updates you want to receive the email digest.