That is one of the things we learn from a recent work by Douglas A. King from the Atlanta Federal Reserve. It’s not the first report telling us that PIN-based card transactions are much more secure than signature-based ones, far from it. We’ve known for a long time that this is the case, but there is always something new to be learned from the latest data and this study is no exception.
It turns out that all types of bank card transactions examined by King — credit, signature debit and PIN debit — have seen an increase in fraud losses from 2006 to 2010, measured both on a per-transaction and per-volume basis. However, the most striking takeaway from this comparison is how much more secure PIN-based debit is, compared to either of the other two card types. The data clearly tell us yet again that we should expect the credit card fraud rate to fall substantially once we have fully migrated to the EMV technology, a shift that has already begun.
Bank Card Fraud Is on the Rise
King has looked into data from three separate studies: the American Bankers Association’s?á2011 Deposit Account Fraud Survey Report, a Nilson Report study and a 2011?áPaymentsSource report. The ABA paper tells us that in 2010 debit card fraud losses totaled $955 million; from the Nilson Report we learn that the cumulative bank card losses in 2010 amounted to?á$3.56 billion; and PaymentSource has calculated that the issuers alone have lost $1.16 billion to fraud in 2010.
But the Fed researcher has dug deeper into the data from these three sources and has teased out the average fraud losses for each card type, on a per-unit basis (chart at right). You can clearly see that credit card fraud leads the two debit card types in both fraud categories, although signature debit comes pretty close to it in the per-volume department (actually, credit cards have a much bigger lead in the per-transaction category only because the average credit card transaction amount is about 2.5 times larger than the signature debit card’s). Also immediately apparent is the fact that fraud is on the rise in both categories and for all of the examined card types.
PIN Debit Fraud Costs $0.005 per Transaction, Signature – $0.027
The third immediate observation that we can make by looking at the comparison chart is that PIN-based debit produces by far the lowest fraud rates, both on a per-transaction and per-volume basis. The differences are huge.
On a per-transaction basis, credit card fraud losses in 2010 were calculated at $0.075, signature debit — at $0.027 and PIN debit — at $0.005. The corresponding numbers for the per-volume category were 0.085%, 0.075% and 0.013%, respectively.
But why, you may ask, is there such a difference between the fraud rates of credit card (all of which are signature-based) and signature debit transactions. King has the answer:
The large disparity in per-transaction fraud losses between credit card and signature debit transactions stems from credit card transactions having an average ticket size of nearly 2.5 times that of signature debit transactions.
Ultimately, PIN debit offers an additional and superior layer of authentication not offered on credit and signature debit transactions.
Unfortunately, in 2010 only 32 percent of all debit transactions, and no credit transactions, were authenticate using a PIN.
Looking into the experience of other countries leads us to precisely the same conclusion, as the one reached by King. Here is what happened in the U.K., for example, after the Brits switched from magnetic-stripe to EMV (which are PIN-authenticated) credit cards in 2004:
So I don’t think that anyone still needs convincing that EMV is the way to go in the U.S. And I’m a bit more optimistic than King, who is still “unclear whether or not PIN authentication will become the standard in the United States.” I am pretty sure that, once EMV acceptance is supported at every U.S. checkout, which by Visa and MasterCard mandate must happen by April 2013, the transition will be swift. After all, it will not make sense for anyone involved to stick to the older, fraud-prone technology, when the new and more secure one is already fully deployed.
Image credit: Rentacarfirst.eu.