Maine’s attorney general knows firsthand what debit card fraud means.
Last month, a debit card belonging to Attorney General Janet Mills was breached. A spokesman for Mills said her credit union luckily spotted unusual activity and alerted Mills before the thief racked up too many charges.
CardHub says unauthorized use of debit and credit cards totaled $11.27 billion in 2012.
Card issuers and merchants absorb virtually all losses involving credit cards. Prompt reporting is critical to minimize a consumer’s liability in case of debit card breach or loss.
On Oct. 1, new rules made merchants liable for losses if they had not installed new card processing equipment. The aim was to make chip-embedded cards universally acceptable and to get outdated, magnetic stripe cards out of circulation. Card issuers embraced the chip, but many continue to require a signature as supposed authentication.
Technology known as chip-and-PIN, or personal identification number, boosts security sharply. A consumer can’t vary his or her signature; the consumer can change a PIN at will, and that’s an ability that consumers in about 80 other countries already have.
Mallory Duncan, senior vice president and general counsel of the National Retailers Federation, said recently that “continued reliance on an illegible scrawl isn’t good enough to protect American consumers when the technology of a secret, secure PIN is readily available.” Duncan’s remarks supported efforts by Mills and eight other attorneys general to get card issuers to embrace chip-and-PIN.
On Nov. 16, the eight attorneys general wrote to top officials of American Express, Bank of America, Capital One, Citigroup, Discover, JP Morgan Chase, Mastercard and Visa. Their letter calls for swift adoption of chip-and-PIN.
“Absent this additional protection, your customers and our citizens will be more vulnerable to damaging data breaches,” they wrote. “This is something we cannot accept, and nor should you.”
Debra Berlyn is president of the Consumer Privacy Awareness Project, an effort to educate consumers about online privacy issues. In an OpEd in this newspaper on Nov. 23, Berlyn echoed the attorneys general’s call, charging that “the big banks and credit card companies are cutting corners to cut costs, forgoing the added PIN feature to reduce the amount they would have to invest in new cards.”
Critics contend that requiring PINs could cause confusion among some consumers. Given the need for a PIN in many modern transactions, we doubt serious problems would arise.
An official of the Federal Reserve Bank wrote in 2013 that signature verification in the U.S. was likely to continue for some time. Fraud on lost or stolen cards would likely not drop as a result.
“Fraud may even rise,” Richard J. Sullivan wrote, “as fraudsters, unable to commit fraud on counterfeit cards, begin to target payments with relatively weak security, such as transactions that allow signature authorization.”
The attorneys general say they’re not interested in mandating any particular technology in law. Instead, they call on the executives “as good corporate citizens” to use and continue using available technologies that offer the best protection to consumers.
A spokesman said Mills will be receiving a new debit card, one that includes chip-and-PIN technology. She’s hoping more institutions will make similar shipments in the near future.
Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit https://necontact.wordpress.com or email firstname.lastname@example.org.