Best Buy's move has security implications and highlights an age-old fight between merchants and card brands, said Avivah Litan, VP and distinguished analyst at Gartner. The consumer electronics retail giant made the decision because Visa is forcing merchants to use pricey signature-based authentication with contactless transactions, as opposed to PIN authorization, which is cheaper for retailers.
“Visa felt that prompting for PIN reduced the speed and convenience benefits of contactless,” a source close to Visa says.
Signature-based authentication is subject to a higher interchange rate – the fee that merchants must pay acquiring banks for card services.
Card brands encourage consumers to use signature rather than PIN-based debit, even though PIN is more secure than signature-based authentication, Litan said. “Retailers want PIN-debit because of lower fees and higher security, and the card companies want signature-debit because of higher fees.”
Contactless transactions are more secure than traditional, magnetic stripe debit card transactions, Litan said. This process uses a dynamic authentication code that changes each time the contactless card is used based on a unique algorithm. “The code presumably can't be replicated properly if someone steals the information on the contactless card.”
However, according to Richard Mackey, VP of network security consultancy System Experts, contactless payments are not necessarily more secure than traditional payment methods. “There are still security problems associated with contactless cards. “People have shown during testing that they can extract primary account numbers out of these devices.”
Despite the possible security benefits, there is likely to be pushback for contactless payments from even more retailers, Litan said. That is, unless Visa and the other card brands make this method of payment more economically attractive to retailers by lowering their interchange fees. In the long run, card companies will have to find a more secure payment method that U.S. retailers will be willing to pay for by lowering interchange fees, fraud costs and other security or compliance costs, Litan said. “But don't hold your breath.”