Dive Brief:
-
Target is taking matters into its own hands when it comes to EMV credit cards and will require personal identification numbers when its branded Visa cards are used.
-
The FBI and many retailers have warned that eschewing the use of PINS, which most banks and the credit-card companies have done in the U.S., are leaving even the chip-enabled cards vulnerable to cyber-theft.
-
Target customers will be receiving entirely new credit-card account numbers with their EMV chip-and-PIN cards.
Dive Insight:
Perhaps it’s understandable that Target of all retailers would take the most prudent approach to EMV cards considering its massive breach a couple years ago.
The retailer was one of the first to have its new EMV-ready point-of-sales systems online, and customers who have the new cards are prompted to use them in the EMV slot, ensuring that they get the added protection of the embedded security chip and don’t just swipe through the decidedly less secure magnetic reader (which are still part of all POS systems).
Still, the company is making a somewhat bold move here, risking what the banks and credit-card companies have said would be the ire of shoppers, who they say will be inconvenienced by having to use a PIN. Target’s Visa cards can be used elsewhere as well.
But the retailer says it’s treating its customers’ data security as a priority. Using a PIN has the potential to make any credit-card transaction 700% more secure than transactions that forego the PIN, according to the Retail Industry Leaders Association.
“Banks and credit unions should be following Target’s lead by issuing chip and PIN instead of chip and signature cards," RILA's Jason Brewer told Retail Dive in an email. "There is simply no excuse for American banks to be issuing cards to U.S. consumers that are less secure than those they issue in Canada and Europe.”
