The FBI has a stern warning for the credit card industry's latest security measure, the EMV chip. In a statement today, the FBI's Internet Crime Complaint Center warned that the new chips don't prevent against online fraud or point-of-sale compromises of the type seen in the Target hack. The warning emphasizes the weakness of signature-based systems ("chip and sign" rather than "chip and PIN"), and instructs merchants to require a PIN number in place of a signature wherever possible. "This fully utilizes the security features built within the EMV card," the warning states.
The underlying weaknesses in the warning were already known to much of the industry, but it emphasizes the frustration many feel with the current deployment. "The FBI’s alert should be a wake-up call to the banks and card networks that continue to stand in the way of making PIN authentication the standard in the US just as it has been around the world for years," said Brian Dodge, executive vice president of the Retail Industry Leaders Association, in a provided statement.
Even with the new system, the US is still woefully behind the curve in payment technology, as most major markets have finished the transition to chip-and-PIN systems a decade ago. The current system is more relaxed, allowing for signatures in place of PIN numbers, but a recent study found less than two-thirds of retailers have been able to implement the system before an industry-wide deadline earlier this month.