Oct. 9 — A FBI public service announcement that new EMV payment cards are still vulnerable to fraud was removed from the bureau’s website Oct. 9 after retailers leaped on the statement as evidence the cards are ineffective without the use of PINs and bankers complained to the FBI about its accuracy.
FBI spokesperson Carol Cratty said in an e-mail to Bloomberg BNA that the bureau “is reviewing the PSA for clarity” after it was taken down from the website.
In a notice posted Oct. 8, the FBI said the new chip-based cards will provide greater security than traditional magnetic strip cards, but may still be used for fraud because they “can be counterfeited using stolen card data obtained from the black market.” Another threat is that data on the magnetic strip of an EMV card can still be stolen if the merchant's point-of-sale terminal is infected with data-capturing malware, the FBI warned.
The FBI announcement said that use of a PIN (personal identification number) during transactions “fully utilizes the security features built within the EMV card.” It urged customers to enter a PIN when using it and said merchants should ask customers to use the PIN.
While intended to educate consumers, merchants and law enforcement, the FBI announcement came as banks and card providers are not requiring customers to use PINs with the new technology. Retailers have been very critical of the policy. Although the EMV (Europay, MasterCard and Visa) chips make counterfeiting debit and credit cards more difficult, PINs would combat fraud involving lost and stolen cards for which merchants can be held liable, retailers say.
The FBI notice prompted an Oct. 9 statement from the National Retail Federation (NRF), a longtime advocate for requiring PINs with EMV cards. “What the FBI is saying is what the rest of the world already sees as common sense. It's the right thing to do, and we hope the banks are listening,” said Mallory Duncan, NRF's senior vice president and general counsel.
When asked for a response, a Visa spokesperson told Bloomberg BNA that she understood that the FBI's notice was being revised. By early afternoon Oct. 9, the web link that had gone to the FBI announcement went to an error message: “Oops The page you are looking for could not be found. It may have been removed, renamed, or is temporarily unavailable.”
Doug Johnson, who oversees risk management policy for the American Bankers Association (ABA), told Bloomberg BNA that he raised questions with the FBI shortly after the public service announcement appeared Oct. 8, saying it made EMV chips appear to be more vulnerable than they are.
The advice to use the PINs could also confuse customers and merchants because many of the cards do not require a PIN, he said, backing up the bureau's decision to remove the announcement.
Cratty did not respond via e-mail when asked if ABA's complaint played a role in removal of the FBI notice.
Johnson downplayed the ABA's role, saying it’s likely the FBI would have removed the announcement “as a direct result of anybody’s wishes, unless upon further reflection, they didn’t think it could be refined.”
Johnson said the ABA was only told that the FBI would consult with the banking industry group if the bureau decided to revise the public service announcement.
Visa declined to respond, but Stephanie Ericksen, the company’s vice president of global risk products, acknowledged to the House Small Business Committee Oct. 7 that EMV alone would not prevent all types of fraud, including online fraud. However, she said the new chips would prevent the most prevalent type of payment card fraud, counterfeiting, and that the payments industry is working on ways to adopt other types of card fraud.
A spokesperson for the NRF told Bloomberg BNA that the group intends to bring up the FBI's warning when it testifies before the same House committee later in October.
To contact the reporter on this story: Kery Murakami in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Michael Ferullo at email@example.com
The Oct. 8 EMV notice is available at http://src.bna.com/xF.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)