This time last year, I was warning consumers about the “elephant in the room” during the holiday shopping season. The “elephant” I was referring to was the alarming lack of security whereby consumers had to rely on outdated magnetic stripe and signature credit cards to protect their personal information.

Since then, an October 1st deadline has come and gone whereby banks were to issue new chip-equipped cards and merchants across the country assumed responsibility for upgrading their payment terminals to accept the new cards or face financial liability should a fraudulent transaction occur.

While the transition to chip cards is a step in the right direction, there are still security vulnerabilities that remain this holiday season which have sparked a heated debate between merchants and credit card issuers.

The debate is premised on the fact that banks and credit card companies chose to take shortcuts when issuing the new chip-equipped credit cards. The cards lack a very simple yet important layer of security – a PIN number. The chip cards that are currently being issued did eliminate the magnetic stripe but they continue to use the completely obsolete signature method as a secondary method to authenticate transactions – leaving consumers vulnerable to lost or stolen card fraud.

On the other hand, chip and PIN technology uses a two prong authentication system that allows for the card to be equipped with a numeric passcode which only the cardholder knows – making it considerably more difficult to use a stolen card than merely forging a signature. The chip and PIN system has been in place for years in most developed countries and has drastically reduced fraud.

However, banks and card issuers in the United States have chosen to ignore this fact and once again put profits ahead of protecting consumers. The issue has rightly garnered the attention of state law enforcement officials as they are now exploring why chip and PIN cards have not already been made available to consumers. Recently, nine state attorneys general from across the country wrote a letter to credit card issuers urging them to quickly implement chip and PIN as an important security improvement.

The reasons banks and card issuers give for why they chose not to issue chip and PIN thus far are rather misleading. They claim that they are helping small businesses since chip and signature point-of-sale devices are cheaper than chip and PIN devices, and they have even gone as far as to claim consumers are not capable of remembering a PIN number.

The real reason banks do not want to issue chip and PIN cards is, not surprisingly, their own profit motive. The truth is that transaction fees for signature verified transactions are higher than transactions verified by a PIN. Since large credit card companies like VISA and MasterCard have a lucrative stranglehold on the networks that process signature transactions, they want to protect those networks from the competition of PIN processing networks.

So this holiday, season banks and card issuers will sit back and watch the money roll in, while consumers flood stores with new credit cards that still do not properly protect them and while small businesses across the country rush to update their payment terminals. Using a signature for a credit card transaction instead of a PIN could mean increased consumer fraud and higher merchant transaction fees – both of which are reflected in higher consumer prices for retail merchandise.

Although it would clearly be out of character, it is not too late for financial institutions to do the right thing and heed the urging of state attorneys general to properly protect consumers this holiday season by issuing chip and PIN cards. After all, even the Grinch had a change of heart.

This post is available online at FORBES