PIN or pen?
October 9th, 2008 Posted in PCI DSSRecently, I saw an add that really surprised me. It said “use your pen not your PIN” and was posted from a local bank. I thought it was interesting because my assumption was that the bank wanted the increased interchange over the PIN-based debit transactions. I felt that because the card brands offered ‘zero liability’ I would save the merchant a few cents and use my PIN for all debit transactions. I have had my card data stolen at least 3 times in the last 6 years and at one point had $4,000 swiped from my brokerage account that had a debit card attached. A quick call to my bank and an short affidavit later the money was returned within 24-hours. This is why I love using my Visa Card.
Imagine my surprise when speaking with an associate at Visa that informed me that PIN based transactions are not necessarily covered by ‘zero liability’. This point appears to be supported by the following quote in Bankrate.com:
“According to Visa, PIN-based transactions may process through non-Visa networks, which may or may not match Visa’s zero liability policy. The financial institution that issued your card will decide your liability in cases of fraud. Signing for purchases ensures that the transaction processes over the Visa network and falls under the protection of the zero liability umbrella.”
Making the situation worse is the increase in the number of data thefts involving PIN data. ATMs are now being compromised more than ever and today, CNN posted an interesting article on Skimmers being placed on unattended fuel pumps. You can read the article here.
In light of the newly obtained information regarding the potential liability associated with PIN-based transactions, I have decided that the merchants can spend a bit more on interchange as I am no longer using my PIN and will instead revert to the use of the proverbial Pen.
Please share your thoughts.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
2 Responses to “PIN or pen?”
By Walt Conway on Oct 10, 2008
Mike,
You got away lucky! The difference is due to the differing regulations involved: debit cards link to a demand deposit account (DDA) and are governed by Federal Reserve Regulation E; credit cards are governed by Reg W. When you use your PIN-based debit card (aka, ATM card), you are moving money from your checking account (DDA). The money transfer is immediate. If you want it back, you have to (nicely) ask your bank. On the other hand, if you use your Visa credit card, your issuer’s (not your) money is at risk, and you can dispute the transaction. Even when there is fraud, your liability is limited to $50 which is rarely enforced.
Moral of the story: When your bank sends you an ATM card with a major payment brand on it, ask them for just a plain ATM card instead. This way you are protected both from PIN fraud and from anyone emptying your checking account using the card in an offline environment!
By DAG on Oct 10, 2008
Mike,
In Canada we have the Interac Debit network and those transactions are very different from Visa, MasterCard etc. Canadian regs are similar. That is if your Interac card gets skimmed and used you may be able to get all your money back but the fight is uphill. Hence, there are lots of places I will not use a debit card. Thankfully, we have not had “combo” debit/credit cards for some time.
Now we have Interac pushing Chip and PIN but that is still connected to your bank account. Credit Chip and PIN cards are beginning to show up but they are presumably connected to your credit card account. It would be an interesting question if there is a difference with zero liability here.