ATLANTA (AP) — Visa and MasterCard are using security measures prone to fraud, putting retailers and customers at risk of hacking attacks by cyber thieves, The Home Depot Inc. says in a new federal lawsuit.
It’s the latest giant retailer to raise serious concerns about security with its lawsuit filed this week in U.S. District Court in Atlanta. Last month, Arkansas-based Wal-Mart Stores Inc. sued Visa Inc. over similar issues.
Atlanta-based Home Depot says new payment cards with so-called “chip” technology, rolled out in the U.S. in recent years, remain less secure than cards used in Europe and elsewhere in the world.
Even with chips, U.S. cards still rely on customers’ hand-written signatures for verification, rather than more secure Personal Identification Numbers, or PINs, Home Depot maintains.
“We are aware of the complaint and will respond in due course,” Visa said in a statement Wednesday.
MasterCard representatives didn’t immediately return calls and emails seeking comment.
A central issue in Home Depot’s lawsuit is the retailer’s accusation that Visa and MasterCard are conspiring to prevent adoption of more secure technology in order to maintain market dominance and profits.
“For years, Visa and MasterCard have been more concerned with protecting their own inflated profits and their dominant market positions than with the security of payment cards used by American consumers and the health of the United States economy,” Home Depot states in its 138-page lawsuit.
About 80 nations use cards with chips, and most of them — including England, France and Australia — also require a PIN rather than a signature, Home Depot said.
“Such cards offer an extra layer of security beyond the chip itself, by requiring the user to enter a four-digit PIN, thereby ensuring that the individual using the card is the card’s owner,” Home Depot states in its lawsuit. “Signatures can be copied or forged, and cashiers are not handwriting experts trained to identify forged signatures.”
As a result, U.S. consumers and merchants such as the Home Depot pay fraud-related costs that are “unrivaled in the rest of the industrial world.”
In September 2014, Home Depot told its customers that 56 million debit and credit card numbers were compromised in a breach of its computer systems, and later said hackers also stole 53 million email addresses in addition to sensitive data from the cards. Several other retailers, such as Target stores, have also reported huge data breaches involving payment cards in recent years.
The lack of PIN requirements in the U.S. could lead to even greater fraud in the future, as more transactions shift to online payments, where no physical card is presented.
Last month, Wal-Mart said in a lawsuit that Visa won’t allow it to let its customers verify chip-enabled debit card transactions with PINs rather than the less-secure signature method.
“PIN is the only truly secure form of cardholder verification in the marketplace today, and it offers superior security to our customers,” a Wal-Mart spokesman told The Associated Press after its lawsuit was filed last month in the New York State Supreme Court.