A credit card with EMV (for Europay, MasterCard and Visa) chip security. Credit: Shutterstock
The FBI posted an online advisory about vulnerabilities with new chip-enabled credit cards, but then removed the message on Friday, less than a day later, following concerns from U.S. bankers that back chip cards.
The original online post was headlined, "New microchip-enabled credit cards may still be vulnerable to exploitation by fraudsters," and was replaced by a "page not found" message as of mid-day Friday.
The FBI didn't offer any comment Friday on what happened to the original post, which raised the need for PIN (personal identification number) security included chip-embedded cards. Use of a PIN instead of a customer's signature to bolster a chip card has become a heated battle between the nation's major retailers, which back a PIN, and powerful credit card companies and the major banks they support, which back signatures.
The American Bankers Association contacted the FBI on Thursday urging it to revise and clarify its original post, which was in the form of a public service announcement (PSA), to reduce confusion over the use of PINs with chip cards, an ABA official told Computerworld on Friday.
"We saw the PSA yesterday and spoke to the FBI after we saw it and we thought it was not really reflective of the U.S. marketplace and thought there would have been some level of confusion with the use of PIN," said Doug Johnson, senior vice president of payments and cybersecurity policy at the ABA, in a telephone interview.
Johnson said it seemed likely the FBI would revise its PSA, but he had no idea when.
Spokeswomen for both Visa and MasterCard said Friday that the FBI was expected to revise the original statement, and had no further comment.
Of all the major card companies, Visa, notably, has supported having consumers provide a signature instead of a PIN to secure an in-store payment with a new chip card. Retailers, including the National Retail Federation and the Merchant Advisory Group have supported the use of a PIN with the chip-embedded card to improve security.
"Retailers have long argued that PINs are essential to providing cardholders with the security that they deserve," said Brian Dodge, executive vice president of the Retail Industry Leaders Association, in a statement issued Friday. Reacting to the FBI's original alert, which has since been removed, he said it was a "wake-up call to the banks and card networks that continue to stand in the way of making PIN authentication the standard in the U.S. just as it has been around the world for years."
Sign up for CIO Asia eNewsletters.