Walmart is in the process of rolling out a security policy and guidelines that require consumers to punch in their three-digit security code for purchases over a certain price threshold, KRPC in Houston reports.
The new policy, which was agreed upon between the company and several card issuers, is an attempt to cut down on credit card fraud, a company spokesperson says.
Often after credit card information is taken during a data breach, thieves create phony cards with the legitimate accounts. Since thieves don’t generally obtain three-digit security codes through breaches, so requiring customers to enter that code would cut down on fraudulent purchases.
Chris Bronk, a Rice University Baker Institute Fellow in IT Policy tells KRPC that Walmart is doing the right thing with their new policy.
“It really is a necessity at this point, because credit card fraud, thanks to the cyber vector, is worse than ever before,” he says.
However, Bronk says for the company to maintain consumer privacy protections it would need to store account numbers and the codes separately.
Once credit card issuers switch to the more secure chip-and-pin cards, also known as EMV cards, Walmart says it will stop requiring consumers to enter their three-digit security codes.
The EMV (short for “Europay, MasterCard and Visa”) technology cuts back on card fraud because the chips make cards significantly harder to clone: even if you get all of the information from a card’s magnetic strip, as through a skimmer, without the chip actually being present the card data is useless in a physical transaction.
However, while the use of EMV technology in a card does make it more difficult to clone a card for in-person transactions, it doesn’t necessarily prevent an ID thief from using stolen card numbers for online or phone purchases. There is no such thing as a card that is 100% safe from clever criminals.
Renewed interest in chip-and-PIN cards began shortly after a string of data breaches occurred at national retailers. More than 110 million Target customers were affected in a breach during the 2013 holiday season. Neiman Marcus and Michaels both fell victim to hackers during the early months of 2014.
Last month, Target announced that starting next year the company’s REDcard debit and credit card — along with a separate Target credit card that is currently co-branded with Visa — will be reissued with the MasterCard chip-and-pin technology. In anticipation for the change, the company has already begun installing new card readers at its registers.
While KPRC reported that the policy is new, a spokesperson for Walmart tells Consumerist the retailer has actually been requiring the additional information for credit card purchases exceeding certain dollar thresholds for nearly a year.
New security guidelines for Walmart customers [KRPC Houston]