What's the difference between chip-and-PIN and chip-and-signature?
We're just one year away from the official switch over from credit cards using a magnetic stripe to ones containing a microchip. And as many businesses and card issuers start changing to the new cards, you may hear terms like chip-and-pin and chip-and-signature being thrown around. But what's the difference? And does it matter?
To answer that question, let's first talk about what they have in common. As the name indicates, both chip-and-pin and chip-and-signature card will have a built-in microchip and will navigate away from the magstripe we currently use. In short, both offer enhanced security against fraud when compared to the cards we use today. The chip will actually encrypt your personal information when it is transferred to the merchant, whether this is done online or in-person. This will make it much more difficult for a thief to get access to your information without actually having their hands on your physical card. As we have seen with the recent data breaches, identity thieves don't usually have the card in-hand.
Now for the difference. The two types of cards only vary in how they are verified during in-person transactions. One uses a PIN and the other requires a signature. Think of the current difference between a debit card and a credit card. The debit card requires a PIN to be input in order to process. That's how the chip-and-PIN will work. For a credit card, the card is supposed to be verified by the cashier by matching the signature on the card and the signature on the receipt. It's the same process for the chip-and-signature. But even now, how often does the cashier check the signature on your card? Not very often.
If you haven't already, you will likely start seeing new payment terminals being used at businesses within the next year. Likewise, expect to be issued a new credit card with a microchip. Banks, businesses and credit card issuers have been given until October 1, 2015, to update their technology. Now, they aren't actually being forced to change, however, new laws will change who is liable for any fraud that happens based on the technology being using.
For example, if a business is still accepting payments through a machine that reads magnetic stripes and the customer has been issued a card with a microchip, then the business will be responsible for any fraud that happens. On the other hand, if the business has installed a chip card reader, but the bank has not issued a card with a chip, then the bank would be liable for any potential fraud. So while no one is required to switch over, most financial institutions and businesses are taking the initiative to protect themselves from any liability due to fraud.
The bottom line is the switch to microchip encryption, whether with a chip-and-PIN or chip-and-signature, is going to make our credit card transactions more secure. But if given the choice, go with the extra security that comes with the chip-and-PIN.
Here's a look at a few more questions and answers on chip and pin technology.