CTNJ file photo
Attorney General George Jepsen (CTNJ file photo)

With the holiday shopping season under way, state Attorney General George Jepsen is calling on the country’s largest credit card issuers to better protect consumers from identity theft – quickly.

Jepsen and eight other attorneys general have asked the leaders of MasterCard, Visa, Discover Financial Services, Bank of America, Capital One, Citigroup, American Express and JPMorgan Chase to expedite efforts to bring chip-and-PIN technology to all credit cards as soon as possible.

The technology is widely considered a more secure method of processing credit and debit card transactions, compared with traditional magnetic-stripe cards.

As opposed to swiping a traditional credit and debit card, consumers insert their chip-and-PIN card into a card reader and keep the card in the reader until the transaction is complete, including when they enter their PIN. The chip within the card approves the transaction.

“Over the last few years, breaches at major retailers that involved credit and debit card information have really shown a giant spotlight at the inherent weakness and vulnerability of magnetic strip cards even when the cards are lost or stolen,” Jepsen said in a statement.

“We know, based on experiences in other countries, that chip-and-PIN cards offer greater security to consumers – security that I believe far outweighs any initial burden or confusion that always comes when we need to get used to a new way of doing things, like using a credit card,” he said. “Consumers in Connecticut and across the country deserve access to the absolute best that the industry has to offer. Right now, that is chip-and-PIN, and I believe it’s my responsibility to advocate on their behalf for it.”

He and the other attorneys general wrote a letter to credit card company leaders, urging them to speed up their plans to roll out the technology.

Most chip cards being issued nationwide, they say in the letter, require only a signature as the secondary form of verification. They want a PIN to be required as the second form of identification.

“There can be no doubt that this (signature) is a less secure standard, since signatures can easily be forged or copied or even ignored at the point of sale,” the attorneys general say in the letter. “In order to better protect consumers, the chip-enabled cards issued in this country must be reinforced with the requirement that consumers enter a PIN to verify the transaction.”

Without requiring a PIN, they wrote, they are leaving consumers more vulnerable to data breaches that can result in personal information being stolen.

Jepsen said his office received about 515 data breach notifications during the 2014-15 fiscal year – about 42 notifications a month – in which roughly 2.5 million state residents were affected. Of those breaches, 253 involved “compromised credit and debit card information,” according to Jepsen’s office.

“No technology will prevent all credit card fraud, but chip-and-PIN promises to substantially curtail lost and stolen card fraud and the disruptions it causes to consumers and businesses,” Jepsen said.

The National Retail Federation trade group cheered the move by the attorneys general.

“This is further proof that top law enforcement officials and security experts agree that continued reliance on an illegible scrawl isn’t good enough to protect American consumers when the technology of a secret, secure PIN is readily available,” Mallory Duncan, the group’s senior vice president and general counsel, said in a statement.

“Banks and credit card companies should heed the advice being given them immediately implement chip-and-PIN,” Duncan said. “That’s the standard used around the world and U.S. consumers deserve nothing less.”

In September, NRF released a survey results that found most American consumers do not feel new chip-and-signature cards do enough to prevent fraud. In an online survey, the group polled 2,035 adults nationwide and 62 percent said they prefer chip-and-PIN cards to those using chips and signatures.

Since 2013, the United States “has accounted for about half of the global loss from fraudulent transaction,” according to Jepsen’s office, despite being responsible for just a quarter of total credit and debit card payments.

By the end of this year, there will be more than 1.6 billion chip cards in use in 80 countries, and places like France, Canada and the United Kingdom have seen drastic declines in credit card fraud since adopting the new technology, Jepsen said.