With recent high-profile data breaches that have occurred at retailers such as Target and Neiman Marcus, the National Retail Federation on Tuesday held a briefing with members of the media to advocate for the adoption of pin and chip payment card technology within the retail and banking sectors.
“We’re here today because the question of data security and cyber theft in retail has become a very important debate in Washington,” said David French, senior vice president of government relations for the NRF. “We think that one of the most important elements of this debate is understanding how card technology is working or not working to protect the integrity of account numbers and… how easy it is for folks to take that information and monetize it and turn it into something criminals can use.”
Unlike the traditional swipe and sign method that most people are accustomed to when paying for merchandise with their credit card in a brick-and-mortar store, pin and chip technology utilizes payment cards with embedded chips inside that are inserted into a reader that also requires the customer to type in a unique pin for the purchase to be validated. This would in effect create two-factor authentication for retail transactions.
“The difference in those two transactions… is that number one, the chip validates that this was a real card, not a counterfeit card,” Tom Litchford, vice president of retail technologies for the NRF, said in a technology demonstration of a pin and chip card reader. “And, number two, by asking me to put a PIN in, it is making sure I’m authorized to use that card, so there are two levels of validation with this technology.”
According to Mallory Duncan, senior vice president and general counsel of the NRF, a large technology migration is going to have to take place for these new, more secure types of payment systems to become more commonplace in stores.
“It’s going to be a very expensive transition. The cost of the card is four or five times as high with a pin and chip than it is with traditional magstripe signature cards. So, that’s a lot of money on the part of financial services industry,” Duncan said. “On the part of the retail industry… every one of the (payment) terminals has to be replaced and depending on whether you’re counting just retailers or doctors’ offices and other places that are thought of as retail, it’s going to be between nine to 15 million (pieces of point-of-sale) equipment that have to be replaced. That’s equipment alone that averages over $1,000 per unit. You add in the software, training and everything else that goes into it, based on the studies we saw in Great Britain when they migrated to it, you’re probably talking $20 billion or $30 billion to swap out equipment. Collectively, we’re talking $30 billion or $35 billion to make the change.”
However, Duncan said that this transition is going have to start with banks issuing their customers these more secure smart cards or else it’s a moot point.
“Retailers would like to see this change, but we have to have our partners in the financial services industry issue the cards,” Duncan added. “No one wants to spend tens of billions of dollars to not see pin and chip cards out there or spend that kind of money on chip and signature. Then you’ve only got half a solution and it would be a shame to spend that much money on half a solution. If (banks) want their customers to feel safe and secure, they’re going to issue these cards we believe.”
For their part, however, many in the banking industry feel that retailers are shirking their responsibility to protect consumer data and believe that card security is only part of the issue. In response to the NRF's media briefing, the American Bankers Association, Consumer Bankers Association, the Independent Community Bankers of America, and the National Association of Federal Credit Unions, issued a joint statement on Tuesday: