Credit And Debit Card Signature Based System To Be Replaced With PIN
Starting January 2017, credit and debit card signature-based system for authentication purposes will be replaced with PIN (personal identification number) verification.
Within the next six months, eight million credit cards and 31 million debit cards will be replaced with new PIN-enabled cards. All card issuers who fail to replace all signature-based cards by year-end must notify Bank Negara with justification.
As of April 2016, about 36,500 merchant payment terminals have been upgraded to support PIN-enabled transactions. Outlets with upgraded terminals will display the Pin & Pay logo.
The migration from signature to PIN is part of a worldwide shift which has been implemented in various places globally, including Europe, Canada, Australia and New Zealand. The Middle East will soon follow suit.
According to Paul Brisk, founding director of payment systems consultant Cotignac Consultancy Systems (consultant employed by Sutherland Global Services Malaysia, the project management office handling the Malaysian system migration) this is a preventive measure as fraudsters typically aim the conventional signature-verified market.
Brisk said that the PIN verification adds more security as it is a two-pronged system, combining a physical card and a PIN which would be known only to the user. The cards would use a six-digit PIN which will be required for all transactions except “contactless” transactions (waving or tapping the card at the terminal) involving amounts of RM250 and below.
Chuah Mei-Lin, the Executive Director of The Association of Banks in Malaysia (ABM) said that the PIN verification would be effective when it comes to lost or stolen cards.
An information security manager for financial services, Sathish Kumar, advised users to have a different PIN for different cards. He justified this with his explanation that fraudsters use social engineering to detect PINs. If users use different PINs, the fraudsters won’t easily have access to all user accounts.
He suggested that users reverse the PINs for different cards, making it easier for recalling purposes. He concluded saying that using a PIN generally feels more secured. If users key in incorrect PIN, the system would not approve the transaction and won’t allow users to revert to signature either.
Though all signature-verified credit and debit cards must be replaced by the end of 2016, users will still be able to sign on purchases until July 1, 2017.
This is to enable users to familiarise themselves with the new system. If users have enabled the PIN on their new card but can’t recall the PIN, a signature will still be accepted within this time frame.
However, for users travelling to a country with a PIN system already in place, the terminal will identify PIN and users will not be able to use a signature.
Card users must activate their PINs within the time frame stated by issuers. Users can do this via Internet banking, interactive voice response, ATM or at a branch terminal.
If users don’t switch to a PIN card, the old signature-enabled cards will stop working after 90 days for credit cards or by July 1, 2017, for debit cards.