Fed Reserve: Chip and Signature Not Enough

Written by

In a speech delivered by Federal Reserve Governor Jerome Powell last week in Missouri, the former Assistant Treasury Secretary voiced concern over the ongoing overhaul of credit and debit card technology in the United States.

According to a report from American Banker, Powell said that he believes that chip and signature is a half-measure, falling short of the chip and PIN technology deployed throughout the rest of the world.

"The deployment of EMV chip cards in the United States represents an important step forward. But we should not stop there," he said in his address. "New approaches to authentication increasingly offer greater assurance and protection. Given the current technologies that we have at our disposal, we should assess the continued use of signatures as a means of authenticating card transactions."

Debra Berlyn, the President of Consumer Policy Solutions and leader of the consumer education campaign ProtectMyData, said that the governor has an important point about layering security tools and procedures. If the banks and credit card companies insist on signature verification—a measure that still allows widespread fraud in the case of lost and stolen cards —it should not affect the adoption of PINs, she said.

“That is the reason we have long advocated for the financial industry to pair chip-equipped cards with unique PINs to provide American consumers two distinct security measures,” she said in an emailed statement. “The notion perpetuated by the financial industry that consumers do not want or cannot handle remembering a PIN is a baseless diversion advanced solely so that the industry does not have to invest in the infrastructure that supports chip and PIN technology."

While it is certainly not a cure-all, chip and PIN is widely seen as the best available technology for consumers today.

“Put simply, if available and proven, it should be the standard here just as it is elsewhere,” Beryn said. “If the industry is already investing billions to upgrade cards and their hardware, they should be upgrading it to accept chip and PIN.”

What’s hot on Infosecurity Magazine?