Wal-Mart: “It’s Time For Chip-And-PIN In The U.S.”

Written by Esther Schindler and Evan Schuman
May 20th, 2010

With major card brands and the banks strongly opposed to Chip-and-PIN efforts in the United States, there’s only one way it’s going to happen–and that happened Wednesday (May 19): Wal-Mart publicly forced the issue. When the world’s largest retailer insists on a path, even Visa has to listen. And Wal-Mart is now insisting on a domestic Chip-and-PIN (EMV) program.

“As far as we are concerned, signature is a waste of time. It has to be PIN or nothing,” Jamie Henry, Wal-Mart’s director of payment services, told attendees of a panel discussion held Wednesday at a Smart Card Alliance event in Scottsdale, Ariz. “Wal-Mart’s POS hardware is 100 percent Chip-and-PIN capable. Our hardware is in place,” although the software needs some work. “We are working on implementing it in the U.S. It’s time for Chip-and-PIN in the U.S. Let’s get a roadmap and move it forward here in the United States.”

Henry was supposed to be doing this particular panel with Malcolm Nunes, strategic sourcing manager for Home Depot, but Nunes didn’t show. No reason was given.

Henry described card mag-stripes today as “fundamentally flawed” and said “Let’s go directly to Chip-and-PIN.”

(See related Wal-Mart stories this issue: Wal-Mart Digital Makeup Trial: It’s the Inventory, Stupid and Should Wal-Mart Digital Signage Use Near-Time News, Weather, POS Data?)

He also told attendees that his chain has come to this conclusion fully aware of Chip-and-PIN’s security holes, but that, overall, EMV is a better option than the signature mag-stripe offerings used in the U.S. today.

“I’m not naïve. [Chip-and-PIN] has security problems. The data from the UK demonstrates that,” Henry said.

Coincidentally, this week apparently marked one of the first U.S. deployments of the smartcard payment devices, when the United Nations Federal Credit Union became what Computerworld termed “the first financial institution in the U.S. to unveil plans to issue credit cards” compliant with EMV.

It’s certainly appropriate that a U.N. bank would be the first to take such a step, because one of the key drivers behind EMV’s movement has been its globalization. Having already been deployed throughout Europe, Australia, Latin America, parts of Asia, Mexico and Canada, the U.S. is one of the largest holdouts. That fact has already started to impact American consumers who try to use their U.S. mag-stripe credit cards at merchants overseas and find that it’s got a 50 percent shot of not working

But it’s even more of an issue for global retailers such as Wal-Mart, which have to support EMV in much of the world while maintaining mag-stripe capabilities for the U.S.

“China UnionPay issued more than one billion cards with 6-digit PINs. Are they smarter than us in the U.S.? They can use them and we can’t?” Wal-Mart’s Henry asked. “We want to create an environment that is consistent for our international cardholders.”


5 Comments | Read Wal-Mart: “It’s Time For Chip-And-PIN In The U.S.”

  1. Dan Stiel Says:

    Jamie is right that the U.S. has lagged in shoring up card security. For most merchants, it’s a chicken or egg question. The incentive for retailers not quite as big as WMT to invest in another round of hardware upgrades will be lower costs and lower charge-backs. But, why invest if no cards exist.

  2. Techwatch Says:

    It is amazing how often the US lags behind Europe in many tech issues

  3. bill bittner Says:

    Retailers are often the most rational technology buyers around. They recognize the marginal benefits of technology and are not willing to spend money on it just because “it’s cool”. Since computers have been around for quite a while now, it is not the technology that is going to take a retailer to the next level, rather it will be how well their organization adopts technology. If the people really learn how to get all they can from the tools they’re given, the marginal improvement that can come from new technology is often minor. It is the added staff training and the emphasis of management that gets the greater return. Of course, the technology vendor will be quick to take credit.

    The one exception to all this might be in the payments process. This is where technology can truly make a difference. Just as it takes staff some time to learn it, thieves need time to learn how to circumvent new payment systems. In this case it might just make sense to use new technology merely for the sake of using it. It could also merely mean the retailer attracts a smarter thief.

  4. Venus Says:

    The technology is already there. We have debit cards, they can use the same technology for credit cards. It’s all BS. I don’t understand why the credit card companies have delayed this security feature for so many years. And now with Identity theft on the rise, all the more reason to implement this globally.

  5. cestmoi Says:

    US is waaay behind in so many areas, not only in EMV but also other technological advances such as during tax times.

    In some countries, during tax time, all you have to do is (assuming you’ve already applied for your government ID card with chip), you then purchase a nominal IC reader which can only be obtained from a government agency which you can plug into any computer Internet ready with USB connector.

    Download current year’s electronic tax form, plug in your ID card with IC chip; confirm on screen info (it will auto download all your reported income by various companies that you worked for during the year and any other reported income by banks, investment firms, etc) a few clicks later, you’re done. Your tax has been filed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.