Credit card signatures to be phased out in Australia

Australians will need to get used to using their PIN for credit card purchases, with signatures set to be phased out from the middle of 2014.

In a bid to crack down on fraud, Australia's card payments industry has moved to phase out the decades-old practice of signing to verify purchases from August 1 this year.

The changes won't affect online purchases, but will apply to all transactions over a point-of-sale (POS) terminal.

"All Australian cardholders will need to know their credit and debit card PINs by August 2014," said Nicole Pedersen-McKinnon, the spokeswoman for the payment's industry's PINwise campaign.

Pedersen-McKinnon urged people who did not already have a PIN for their card to get one well before the August deadline, to avoid any problems during the transition.

Australian Retailers Association spokesman Russell Zimmerman said the move would make card payments safer.

"The phasing out of signature verification will help protect consumers and retailers alike from fraudsters," he said.

Zimmerman said Australian credit card fraud runs to about AU$81 million per year, most of it on credit cards where it isn't necessary to enter a PIN.

However, the move to a PIN-focused system does not mean that it is a completely safe option, as recent malware discoveries in point-of-sale terminals in the US can attest.

Last month, retail giant Target confirmed a breach where 40 million customers had their name, credit or debit card number, and the card expiration date and CVV (the three-digit security code) stolen. Earlier this month, Target went on to reveal that the names, mailing addresses, phone numbers, and email addresses for up to 70 million people were also stolen along with payment card data.

Target CEO Gregg Steinhafel subsequently said that the company had established that its POS machines were infected with malware, and that an investigation into the breach was ongoing.

"What we do know is that there was malware installed on our point-of-sale registers. That much we have established. We have removed that malware so that we could provide a safe and secure shopping environment," he said.

While Target and Neiman Marcus are the only currently named retailers suffering from POS malware, intelligence company IntelCrawler said that Target's infection was due to a piece of off-the-shelf malware dubbed BlackPOS, and that the first locations of BlackPOS infection were in Australia, Canada, and the United States.