Friday, July 22, 2011

Signature vs. PIN, Post-Durbin Style




Signature-based debit transactions carried higher interchange rates than PIN debit transactions for many years. The Durbin Amendment will finally balance those fees, but with this change comes a debate over the future of these two types of transactions.
In a panel discussion at the AFP Retail Roundtable in May, Steve Mott, CEO of BetterBuyDesign, explained that signature debit transactions do not exist in many countries outside the U.S., other than France, the U.K. and some Asian countries. It has not really caught on elsewhere because most consumers view debit transactions as using “their” money, which they are putting into the bank for “safe-keeping,” Mott said. 
The Federal Reserve issued its final rule on debit interchange fees on June 29, setting signature and PIN at 21 cents per transaction. Banks also are allowed to charge slightly more if they take steps to avoid fraud. The new rule goes into effect on October 1.
Some industry experts now expect financial institutions to begin pushing their PIN-based product, which currently carries fees of about 10 cents per transaction. However, this is not a viable option for Visa and some of the larger financial institutions, Mott told Payments in an exclusive interview. “I think they would prefer to figure out how they can get around the intent of whatever the regulations turn out to be to promote the golden goose of signature debit as long as they possibly can, at least in the United States. And I think Visa’s long-term strategy is to kill PIN, because it takes almost all of the possible fraud and problems out of the system. And that’s not good for the payments industry because they make all of their money on inefficiencies in the payments system.”
Security 
Signature debit carries a high potential for fraud, noted one retailer at the session. Panelist Pat Moran, Senior Vice President, Product Management of Fifth Third Processing Solutions, said that amount of fraud on signature debit is actually very low, “in the three basis point range, on volume.” However, Moran admitted that there is next to no fraud with PIN debit. Moreover, session moderator David Bellinger, CTP, Director of Payments at AFP, added that the Fed found loss rates for signature to be “tremendously higher” than any fraud discovered with PIN.
Bellinger asked the crowd whether or not refusing signature debit is a legitimate option, and they universally agreed that it is not. “It’s possible to say that you can stop taking signature debit, but when you are a merchant that has been in business for a number of years, and your customers are conditioned to coming in—you face a real loss of revenue,” said one corporate in attendance.
One corporate asked why the banks continue to push an inferior product. “As a consumer, I feel much more secure using PIN debit because only I know my PIN,” he said.
Moran agreed that PIN is much more secure than signature. But to reach a more secure solution, the costs are high, he said. “Ninety percent of our merchant customers don’t take PIN today,” he said.
There are other significant incentives for card issuers to push signature transactions. “The issuer may get their interchange regardless of whether it’s PIN or signature, but for Visa and MasterCard, there’s a little add-on beyond interchange that they risk losing,” said one retailer.
Mott cited this is as another reason why Visa is trying to expunge PIN, which it views as a static authenticator, and move to dynamic authentication, EMV (Europay, MasterCard and Visa) chip and PIN—with a slight alteration.
 “They don’t want to tie the transaction to the consumer, which is why the fraud and the chargeback and charge-off rates are so low for PIN,” said Mott. “But they also don’t actually encrypt the information on the account credential that’s in the card with the chip on it. They leave the PAN (Primary Account Number) and the expiration date in the clear. They encrypt the CVD (Card Verification Data) code, a small piece of data that provides a unique transaction ID, and that goes with the PAN and expiry date all the way through the system and back to the merchant.
“The problem with that solution is that doesn’t relieve the merchant from PCI compliance. You still have the PAN and expiry date. Not only that, but I can shop on dozens of online sites with just the PAN and expiry date, because they don’t look for the CVD. So Visa, in my view, is playing three-card Monte with payments security. If you take the PIN out and leave the PAN and expiry date in the clear, the merchants don’t really benefit fundamentally from the shift to EMV.”
Excerpted from the July issue of Payments. 

Disqus for ePayment News