Skip to main content

The FBI issues – then quickly retracts – warning about chip-enabled credit cards

Jelisa Castrodale   | Paste BN

The FBI issued – and then quickly removed – a warning about chip-enabled credit cards, reportedly after being contacted by the American Bankers Association. On Thursday, the FBI posted an alert from its Internet Crime Complaint Center, warning credit-card holders that those shiny new EMV cards that they've received in the past few weeks could still be vulnerable to fraud, especially if retailers still rely on the customers' signatures, instead of requiring a PIN to make purchases. Less than 24 hours later, that statement had been replaced by a "Page Not Found" message.

Under a heading marked "Threat," the FBI's original statement read:

"Although EMV cards will provide greater security than traditional magnetic strip cards, they are still vulnerable to fraud [...] Further, the EMV chip will likely not stop stolen or counterfeit credit cards from being used for online or telephone purchases where the card is not physically seen by the merchant and where the EMV chip is not used to transmit transaction data."

According to Computerworld, the Bureau yanked the post after being contacted by the American Bankers Association, which urged the FBI to revise its statement. Doug Johnson, the ABA's Senior Vice President of payments and cybersecurity policy, told the site:

"We saw the PSA yesterday and spoke to the FBI after we saw it and we thought it was not really reflective of the U.S. marketplace and thought there would have been some level of confusion with the use of PIN."

Most of the major credit card companies – and the banks they are affiliated with – support the use of signatures to confirm purchases made with EMV cards. But the retailers themselves are on the FBI's side, suggesting that customers should have to enter a PIN at the point of purchase, which would use all of the EMV cards' security features. (This is the standard in an estimated 80 countries around the world, where the EMVs are commonly referred to as chip-and-PIN cards. Very few true chip-and-PIN cards are available in the U.S.).

In a statement published shortly after the FBI's warning, the National Retail Federation issued its own response, praising the Bureau for asking for more security at the point of sale. Mallory Duncan, the NRF's Senior Vice President and General Counsel said:

"What the FBI is saying is what the rest of the world already sees as common sense [...] That’s why we are pushing the banks to use all of the security the new cards are capable of providing, not just half. They shouldn’t lock the front door but leave the back door wide open."

 Most of the cards being issued in the United States are chip-and-signature, despite the NRF's concerns (and the FBI's short-lived PSA). The FBI is expected to revise its statement, but has not said when a new PSA might be released, nor whether it will completely back off on its signature-related warnings. Road Warrior Voices has reached out to the FBI for additional comment.

The full text of the FBI's now-retracted statement is below.

Facebook Twitter Email