Point of sale, Chip & Pin authentication is set to take over from the current signature-based authorisations
09.02.2004 - CCL News

2005 is the year when we can expect to see significant changes to the way that credit and debit card transactions are handled by the UK's retail and banking organisations. Point of sale, Chip & Pin authentication is set to take over from the current signature-based authorisations. As a result, the banking institutions will no doubt express a huge sigh of relief, because their exposure to fraudulent transactions is expected to reduce by at least 50%. However, the risk of fraud may only be moved on to a different target, rather than eliminated altogether.

The Big Picture
The new Chip & Pin era is likely to arrive next year, with the financial institutions declaring the deployment to be a success, and no doubt the Government claiming it as a technological breakthrough in the war against fraud of mass destruction. Just a minute, this is only a smartcard with a protected pin number I can hear you screaming, and you would be right. However, what it does is make the ease with which card fraud can be achieved significantly more difficult to the grassroots fraudster. Which would be well and good if all companies that accept credit and debit card payments will be ready for the new system from day one. Unfortunately, that is unlikely to be the case, as not all retail organisations currently understand the benefits/consequences that will occur from deploying or failing to deploy the new technology.

Currently, most retailers are shielded from the full effects of card fraud - the card providers take a not insignificant proportion of the financial pain themselves. Therefore, many small to mid-range organisations who normally change their retail EPOS systems no more frequently than every five to seven years have not yet understood the significance of what the Chip & Pin D-day (Deployment day) will mean to them.

Large retailers, such as the supermarkets and high street chain stores, can be expected to be ready to go from day one, as they understand the consequences of not being ready. The small end of the market place, the one and two till outlets, etc., will also be able to use the new Chip & Pin system from day one. Very few of these outlets have developed their own card handling solutions, preferring to rely on rented card swipe equipment supplied by their bankers, and this equipment will be automatically replaced with new Chip & Pin readers.

This leaves the mid-market players who run their own EPOS systems and who probably feel that they cannot afford or justify the replacement of existing systems ahead of schedule. Unfortunately what such retailers may have failed to appreciate is the dual effect that Chip & Pin is likely to have on their ability to survive. First of all, the banking institutions that had previously insulated such organisations from the full financial implications of fraud will pull the rug from under any organisation that continues to use the older, less secure, signature-based authorisation technology, exposing their risk to all transactions that they accept. Then, because the markets high profile vendors and the small targets at the bottom of the market have been removed from the easy reach of the common fraudster, there will be a natural gravitation to pushing fraudulent transactions towards those vendors that continue to run the older, exposed systems.

Chip & Pin technology will be in use across the UK next year, the banking institutions will come down hard on any organisation that thinks it can get away with continuing to use signature-based EPOS solutions, therefore heed the warnings, as time is already at a premium.