The End of Chip and Signature: What's Next?

The POS industry is being disrupted at a head-spinning rate. Every season, manufacturers and software providers are rolling out new payment options that don’t just tweak previous methods, but completely eclipse them. And changes don’t just rest with hardware. Acquirers and merchants continually have to adjust their procedures to meet evolving data standards.

While new technology is great, and data security is essential, this pace is beginning to leave merchants clutching their wallets and saying “no more.”  After all, we’ve just gotten over the EMV hurdle. Changes are expensive: hardware costs are a drain on the bottom line. And when you factor in the uphill haul of employee training, you can’t blame merchants for flat-out lack of interest.

As a payment service provider, it’s your obligation to get your merchants ready to meet industry changes. And there’s a big one coming up in just a few months: the evolution away from chip and signature. Here’s the story:

Don’t Sign on the Dotted Line

First, the great news (from a convenience perspective, anyway.) In April 2018, all the major credit card brands are dropping the signature requirement for POS purchases. As we all know, the signature is pretty much useless for fraud prevention. Anyone can scribble a squiggle using a stolen card. It’s great that brands have taken action to eliminate this unnecessary step.

Dropping the signature, combined with much faster chip processing speeds, means that consumers will be practically dancing through the checkout line. From this perspective, it’s a win for retailers. We should all expect to enjoy reduced friction. However, in the long run, issuers and acquirers may be shooting themselves in the foot. Here’s why.

Objections to Chip and PIN

During the EMV transition, the US payments industry missed a great opportunity to settle security once and for all by implementing chip and PIN. After all, the rest of the developed world uses a chip and PIN standard. But banks didn’t push for chip and PIN out of fear that friction would drive away consumer business. No one wanted to be the card that was sticky to use. While that’s understandable, the adoption of chip and signature has limited fraud prevention.

Now with the elimination of signature capture, transactions will be easier than ever. That’s a great outcome, but it’s guaranteed that consumers will object mightily to adding PINs to the process in the future, should that requirement arise.

Banks will likely object too. Card issuers just took an expensive hit provisioning chip cards to millions of Americans. For PIN readiness, they’ll have to reissue millions more. And since stolen card fraud pales in comparison to other sources of data breaches, there’s really not enough incentive for banks to force the issue.

Chip and PIN: What If?

Let’s imagine that chip and PIN does get passed in the US. What would that mean for your merchants’ transaction terminals? Fortunately, not a thing! EMV terminals are fully equipped to accept chip and PIN payments. In the long run, it would be preferable to invest in terminals with a shield to guard typed PINs from view. But for now, you could outfit your merchants with inexpensive add-on PIN shields for this purpose. They may look a little clunky, but they get the job done.

Alternate Solutions

Back to reality now. It’s obvious that improved card authentication is necessary. But if chip and PIN isn’t the answer, then what is? Biometrics may provide a great solution, once technology catches up with scale. Biometrics are passive, requiring little to no effort from consumers. And at least for now, they’re highly unlikely to be stolen.

While it may seem like biometrics belongs in Mission Impossible rather than your local grocery store, it’s becoming increasingly prevalent. We’ve already seen the widespread adoption of biometrics in personal tech. Apple iPhone uses thumbprint scans to authorize purchases. Samsung Galaxy offers retina scans to unlock the phone. Laptop computers use facial recognition to open user accounts.  Right now, fingerprint readers are in widespread use in state agencies for functions like driver licenses, food stamps and social security. Even local daycares and churches have jumped on the bandwagon, using biometrics for door entry.

Biometrics in POS Systems

For payments, biometrics are not yet a viable option. Visa and Mastercard have performed some pilots, but the technology is not quite there to issue biometric cards affordably on a mass basis. However, biometrics are incredibly valuable on the business backend. Fingerprint readers can be easily integrated into tablet POS systems. They enable a number of practical functions that your merchants can use today.

Biometrics is an excellent way to tighten up operations and cut fraud internally.  Passwords, entry cards, and physical keys can easily be shared among employees, leaving employers without accurate record keeping. For time and attendance, biometrics requires each employee to be present to sign in, eliminating “buddy punch” fraud. Biometrics helps cut fraudulent returns, voids and gift card sales, as each employee is accountable for their actions via an undeniable, unique login. And best of all, with improved record keeping, biometrics can help merchants meet PCI compliance standards for data security.

It’s clear that merchants are not interested in new technology for technology’s sake. But the fact remains that new security technology - from tokenization to biometrics -  brings a real, measurable benefit to your merchant’s bottom line.

We all pay for fraud losses. Even though PCI compliance may enable merchants and acquirers to avoid fraud charges, these costs don’t simply disappear. They just get pushed farther down the line, and they come back to your merchants in the form of greater transaction and settlement fees. By promoting better security at the point of sale through chip and PIN, biometrics, and various forms of tokenized payments, we can reduce costs for everyone in the payments ecosystem in the long run. Encourage your merchants to embrace these changes.

in Industry News, Security, Technology