WSJ vs PIN

By Felix Salmon
November 22, 2010
knows what she's talking about when it comes to the relative safety of signature debit and PIN-based transactions.

" data-share-img="" data-share="twitter,facebook,linkedin,reddit,google" data-share-count="true">

Gartner’s Avivah Litan knows what she’s talking about when it comes to the relative safety of signature debit and PIN-based transactions. PIN is much safer — to the point at which Bonneville Bancorp recently banned signature debit altogether, despite its higher fees:

“All I can think of is that the fraud was so high that the lost interchange revenue is worth it compared to the cost of issuing new accounts,” said Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc. “It’s a statement admitting PIN is more secure” …

Litan said there is no confusion about which is the more secure method.

“From a pure technical security standpoint, PIN is much more secure,” she said. “There’s no two ways about it.”

So how on earth did the WSJ’s Karen Blumenthal manage to report this over the weekend, in an article about ATM fraud?

Use your PIN sparingly at retailers, and choose the signature option—or a credit card—instead, Ms. Litan says.

This doesn’t make any sense. For one thing, the article is about ATM fraud, and says nothing about the possibility of fraud when using a retailer’s POS machine. And as Litan well knows, signature debit is much more prone to fraud than using a PIN.

More generally, Blumenthal seems weirdly wary of the most secure form of payment there is:

Chip-and-PIN technology isn’t foolproof, and experts say U.S. banks and retailers may instead leapfrog that technology, possibly by using the capabilities of smartphones to verify transactions or to actually make the transactions instead of using a card.

“Foolproof” is an impossible and silly standard to use when it comes to payments; I can guarantee you that if and when smartphones get involved, that won’t be foolproof either. And in any case, smartphone verification is still very much in the realm of science fiction, in stark contrast to chip-and-PIN technology, which is used by hundreds of millions of people every day.

The fact is that chip-and-PIN is safer than PIN, and PIN is safer than signature. But you’d never guess that from reading Blumenthal’s piece. And I’m genuinely puzzled about that quote from Litan.

Update: Litan clears things up in the comments. Signature debit is definitely more prone to fraud — so in order to incentivize their customers to still use it, the banks are much more generous when it comes to fraud coverage for signature debit than they are for PIN transactions. As a result, it makes sense for consumers to use the less secure payment method — because if they are a victim of fraud, they’ll be covered more quickly and easily.

9 comments

Comments are closed.