Visa Pushes Back PIN Pad Fine Threat To 2012

Written by Evan Schuman
October 15th, 2009

After some serious retail pushback—particularly in the gas station sector—Visa has relented and agreed to back off an earlier PIN pad compliance deadline originally set for July 1, 2010, some 7-and-a-half months away. The new policy isn’t threatening fines until Aug. 1, 2012.

One organization that had been pushing the change, the National Association of Convenience Stores (NACS), applauded the change.

“This is huge for our retailers, as many have expressed their inability to financially swallow PCI compliance, which costs an average location $20,000, and upgrading dispensers to TDES at an average cost of $3,000 per dispenser,” said Michael Davis, NACS vice president of member services. “Our average site operator made $40,000 pre-tax last year. For them to invest in all mandates this year means operating at break-even. This allows retailers to take the more cost-effective approach of installing TDES-capable PIN pads during pump upgrade cycles, rather than a blitz.”

But the changes were mostly fueled by strong retail lobbying efforts. Beyond the convenience retailers that NACS represents, several of the nation’s largest chains—including at least one major department store—were threatening to abruptly cut off PIN debit at the deadline, possibly switching to signature debit to temporarily sidestep the issue.

The tactic is not dissimilar from what Best Buy did this summer when it threatened Visa over contactless payment debit charges. That move took the form of a media statement the retailer issued on July 16, in which Best Buy said it “is constantly looking at ways to reduce the cost of check lane tender. As part of this exercise, we are evaluating the continued acceptance of Visa-issued contactless payment cards in our stores in light of recent price increases. However, at this time we have not completed our analysis.”

Under pressure from multiple retailers, Visa this time chose to back down. Technically, the deadline for next summer is still in place. But the threatened punishment has been pushed back a few years.

According to a Visa document detailing the change, the new threat date’s objective is not to raise revenue. “Visa’s goal is not to fine clients but to encourage adoption of the triple data encryption standard (TDES),” said the PDF, based on a slide presentation made by two Visa payment system risk managers: Stoddard Lambertson and Ross Snailer.

Another NACS representative’s quote on the NACS site suggested that the move was also in the best interest of Visa, because the extra time would allow for consideration of more retail-friendly payment strategies.

“Our analysis of card costs has shown that signature debit, while much less secure for our customers, is now the same cost as PIN debit but without the cost of having to upgrade PIN pads,” said Gray Taylor, payments consultant to NACS. “We are concerned that PIN debit interchange—which has risen an average of 15 percent on a compounded basis since 1996—will price itself out of our market, and shift significant transaction share to Visa and MasterCard while eliminating access to new payment card concepts that bring competition to the card payment market. Of course, if the latest Maestro PIN debit interchange hike—78 percent—is any indication, EFT networks will price themselves out of our market without the TDES mandate.”


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.