The Outcry For PINs With EMV Cards Gets Louder
 
        By Christine Kern, contributing writer

U.S. retailers have begun using EMV technology to accept payment via chip cards — but the question of how to authenticate the user persists.
On Friday, Reuters reported retailers are pushing for the use of personal identification numbers (PINs) along with the cards, with Target moving forward and Wal-Mart planning to opt for chip-and-PIN payments. The article quoted Lance James, chief scientist with cyber intelligence firm Flashpoint. “The PIN is definitely a must. It’s one extra step that provides true two-factor authentication.”
The National Retail Federation has submitted a statement to Congress asserting that new chip-and-signature credit cards that do not require a PIN will not stop data breaches. Further, the statement argued, small businesses should not be pressured to install the EMV transaction readers instead of more effective technology.
Most banks issuing chip cards have argued, however, that PINS are unnecessary. VISA continues to contend that “it’s the chip, not the PIN” that is essential for card security. EMV technology protects against fraud in card-present transactions — the embedded chip creates a unique transaction code each time the card is used, making the cards difficult to duplicate.
The FBI has issued a statement with the reminder: “While EMV cards offer enhanced security, the FBI is warning law enforcement, merchants, and the general public that no one technology eliminates fraud and cybercriminals will continue to look for opportunities to steal payment information.”
The FBI encourages merchants to approach EMV card transactions and their accompanying data with the same security precautions they used for standard credit cards, as well as urging the adoption of additional security measures for sales completed via telephone or Internet to ensure that the cards and users are authentic.
VARs can help their retail clients protect their sensitive customer credit card data by employing the “Holy Trinity of Payment Security,” tokenization, P2PE (point-to-point encryption), along with EMV, detailed on BSMinfo.com in a Creditcall Corporation white paper.
