Should the United States Require PIN Authentication?

If you regularly shop with a debit card, you’re no doubt used to entering your PIN whenever you make a purchase — the gas station, the coffee shop, the grocery store. But when you use a credit card, you’re asked for your signature. Occasionally, you might be asked for a biometric confirmation, such as using your thumbprint to confirm payment when you use your phone’s mobile wallet.

Justin Pike of MYPINPAD recently shared why the world, and especially the United States, needs to adopt the personal identification number (PIN) as a standard authentication for both in-person and online. As Justin recently said in a PaymentExpert.com editorial, , “When PIN authentication was introduced in the UK in 2004, losses due to the fraudulent use of credit and debit cards fell by 13 percent in the first year, use of cloned or skimmed cards dropped by 24 percent, and use of lost or stolen cards fell by 22 percent.

Justin also said that countries like the United States still relies on signatures with card payments, and that we still report high levels of payment fraud.

“For example, in late 2019, 77 percent of U.S. merchants reported they had experienced some type of fraud, and that their efforts to manage security had impacted their businesses’ bottom lines,” he wrote.

A credit card terminal. You may have to enter your PIN if you use one of these. Of course, U.S. companies are doing what they can to curb credit card fraud, such as requiring the CVV (card verification value) numbers during online transactions. And merchants should be verifying signatures by checking IDs on in-person transactions. We’ve also discussed at length how online merchants can reduce chargebacks and fraud, especially online fraud through digital authentication. But there’s a lot more that can be done.

Since COVID-19 has pushed more people to adopt online shopping, there are a lot more people who are unfamiliar with the practice, which has led to a 50 percent increase in online fraud. This means merchants should share the burden in preventing fraud on their website, or helping consumers avoid account takeover fraud and phishing attacks.

Of course, the burden is not the merchants’ alone: You are not responsible for teaching your customers how to avoid being ripped off. But it does serve your business interests to put measures in place, like requiring CVV codes for online purchases, or requiring them to use stronger passwords than p@ssword1 and mittenskitty.

(Yes, it’s important that your buying process is as streamlined as possible and that your customers can easily buy online from you. But until someone figures out a way to streamline the credit card dispute and fraud recovery processes, you still need to protect your business.)

In the end, Justin Pike has a point: We should require PIN authentication in credit card purchases, whether in-person or online.

The PIN follows the SCA requirements of “Something they have, something they know, something they are — Pick 2.”(It’s the “know something.”) It’s fairly easy to remember since it’s only four digits, although Payments Journal says 34% of consumers are comfortable with codes of more than four digits. And the system is already in use on POS kiosks for debit cards, so it shouldn’t be that difficult to require it for credit cards too.

If the United States would like to see the same drastic drops in credit card fraud, skimmed cards, and lost/stolen cards, maybe we should start requiring PIN authentication for credit card transactions.

In the meantime, ask your associates to verify identities and checking signatures.

If you’d like to learn more about how to protect your business from fraud and theft, Corepay can help. To learn more, please visit our website or call us at (866) 987-1969.

Photo credit: Whym (Wikimedia Commons, Creative Commons 3.0)