US gears up for EMV switch deadline

Despite the fact that the majority of Americans still do not have EMV payment cards ahead of tomorrow's deadline for a switch from magstripe, an industry taskforce insists that the migration is "on track".

  12 16 comments

US gears up for EMV switch deadline

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Under a roadmap set out in 2011 by Visa and MasterCard for the introduction of chip cards, liability for fraud-related losses switches to retailers that have not upgraded their hardware on 1 October.

According to the Payments Security Task Force (PST), a cross-industry group set up by the two card giants, momentum is building as that deadline looms.

Yet the group's eight financial institutions report that just 30% of their consumer credit and debit cards contain EMV chips as of 30 June, and predict that this will hit 60% by the end of the year and not reach 98% until the end of 2017.

Meanwhile, despite the liability shift, a survey of PST acquirers shows that just 40% of their terminals will be capable of accepting EMV cards by the end of the year.

Last year the US accounted for nearly half of all gross losses worldwide on plastic cards as it paid the price of failing to follow much of the rest of planet in introducing EMV standards.

Public awareness of the dangers of card fraud have also soared thanks to a series of recent massive, high profile data breaches at the likes of Target and Home Depot. A recent survey for AP found that nearly 40% of respondents are extremely or very concerned about their personal information's security when making instore purchases, rising to 45% for online shopping.

But the same survey also found that only one in 10 respondents had received a new chip credit or debit card in the mail in the last few months. Of those that had received a chip card, 30% said they did not know how to use it and just 35% had used it in a chip card reader.

Despite this, Ryan McInerney, president, Visa, says: "The speed at which merchants are installing chip-enabled terminals and financial institutions are issuing chip cards demonstrates the industry’s commitment to investing in technology to protect consumers."

Sponsored [Webinar] Trusted Transactions: The Future of Risk-Based Authentication

Comments: (16)

A Finextra member 

I hope the U.S. implements chip and "PIN" eventually. This will really drive down losses at brick and mortar locations.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Chip+PIN is a solution seeking a problem for USA (although it's a solution solving a real problem in ROW).

Mitigating Fraud Does Not Pay The Bills

A Finextra member 

Chip + PIN has real value. It could reduce fraud losses by $$$ billions. Now that there is a liability shift for losses in the U.S., merchants and banks need to push this. This liability shift will cost them even more in terms of total card acceptance costs if they do not do pin! Remember the U.S. has the highest interchange rates which means the highest merchant acceptance costs in the world. The merchants need a big break. Enough is enough! Disrupters are planning alternatives to today's high merchant acceptance costs. New P2P, P2B and B2B schemes will disintermediate the U.S.'s card business due to high merchant acceptance costs caused by high interchange rates and a shift in the liability rules. The banks should be all over the pin thing as a way of creating value for the merchants. Perhaps this will enable them to maintain interchange rates.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

"reduce fraud losses by $$$ billions". Whoa! I'm struggling to understand how that's possible when total card payment volumes are of the order of magnitude of $$$$ B and fraud levels are $ B only. Disruptors have been planning alternatives to high MSC / MDF for years but there isn't even one that I can think of that has come up with a viable solution that costs less for merchants. 

Vineet Anand

Vineet Anand Director Business Dev at Company

Adding a bit more perspective - 24% of global card volume is from U.S and US contributes to 47% of global fraud. In 2014 that number was $6.7Billion with nearly $6billion shared evenly between CNP and counterfiet fraud. I have been working on EMV technology since 2003 and have lead market migrations in Asia; there will be a immediate shift to CNP in large numbers. 

Globally most countries offer Chip and sign and NOT Chip and PIN. US will be adopting with most issuers Chip and sign. EMV is a 12+ year old technology and does not solve for CNP, which is where the growth is occuring as Omni-channel demand and eCommerce grows. Android Pay, Apple Pay, Samsung Pay are mobile retial solutions that use tokenization and P2PE - thus for those transaction EMV does not help much, rather these alternative mobile 'Pay' forms and contactless will drive growth. 

In addition, Millenials are averse to useing cards in US and other developed markets.. add the piece around CHIP and PIN.. you create an additional layer of potential friction for them. 

Summary - Chip and PIN has limited adoption globaly; US moving to Chip and Sign; It has been proven fraud will move to CNP and balloon since CNP / mobile growth is occuring at a rapid pace; EMV 3DES specs and other biometric solutions are needed to curb fraud levels globally; P2PE and tokenization are helping issuers; focus on new age millenial consumers that are now joing the workforce in mainstream numbers and solutions that help adopt card whilst reducting friction at point of sale! 

Just a thought! 

 

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

I love the way Stripe writes off 3DS: "at Stripe we've so far opted not to support 3D Secure since we believe the costs outweigh the benefits." More at https://support.stripe.com/questions/does-stripe-support-3d-secure-verified-by-visa-mastercard-securecode.

A Finextra member 

Another perspective of this is that European banks' investment in Chip and PIN has been less successful than it could have been because of Americans dragging their feet. European cards still have mag stripe and European banks experience massive fraud on cards used in the U.S while European domestic CP fraud with chip and PIN is almost zero.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Early reports of Chip + Signature in USA point out one more cultural factor that poses a hurdle to this technology in USA: 

"Some people are experiencing a 20 second wait times with these chips," said Avivah Litan, vice president and analyst at Gartner Research. "We're a more rushed society than anyone else. So me, I'm going to be a little mad when I have to wait longer at checkout. You have to wait until the very end to get your card." 

As I'd predicted in my post, some retailers are expecting customers to prefer cash because of the delay in processing chip cards: 

"Litan says retailers who have met the deadline will likely ... create cash-only lines." 

So, ironically, a security measure that is intended to increase security and make people more comfortable about using cards is actually driving them away from cards and towards cash!

http://www.nbcnews.com/business/consumer/chips-dips-tips-5-potential-problems-new-credit-cards-n436511

A Finextra member 

Sounds like a bad implementation if it takes 20 seconds. My experience is that card payments is faster than cash.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

In my experience, chip card processing time ranges from 10 to 50 seconds. Implementation, network, bandwidth, level of education of how to dip a Chip card, blah blah blah - these are all factors that, along with the basic technology, make up the overall "solution" that is experienced by a retailer and consumer. As long as the solution delivers a bad CX, adoption will suffer - regardless of whether the problem is with the technology or surrounding factors. Especially in USA where, in my experience, businesses care a lot more about delivering a great CX than ones in most of ROW.

Vineet Anand

Vineet Anand Director Business Dev at Company

20 seconds is a bit of an exception as have not seen that personally. Most retailers are very sensitive to customer experience(CX) and will not deploy solutions unless certain QA standards are met. Also, not most retailers are not just deploying EMV but also introducing P2PE to avoid Target like issues. We are on the cusp of the mot busy season for retail sales and no retailer in my opinion will jeopardize sales driven by poor customer experience. 

As mentioned earlier there is lots of media and social commentary over the next few months on chip card acceptance and experiences. This unusual experience of 20 seconds is not uncommon, have seen this happen across the globe as EMV has been implemented... as an example UK EMV had similar issues and customers were complaining. 

This is a journey for both card users and check-out associates ... there will be a nice learning curve and will only 40% of retailers using EMV, we have a long way to go! 

 

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

The 20 second processing time is attributed to a Gartner analyst quoted in the NBC article cited in my earlier comment. We can keep debating about whether it's an "exception" or "unusual" or "not uncommon" but the decision of Panda Restaurant Group with 1800 restaurants to eschew EMV altogether because its fraud losses are too small to justify the cost of POS upgrade for accepting chip cards (cf. http://www.bloomberg.com/news/articles/2015-10-01/credit-and-debit-cards-lag-on-emv-upgrades) brings us to the heart of the debate: How do regulators / businesses view fraud - or CX or quality or any other basic attribute of running a business?

On the one extreme, there are retailers like Nordstorm and Zappos who hold CX above all. On the other extreme, there are regulators and / or businesses who hold fraud prevention above everything else (cf. The Indian regulator RBI went on record saying, "security first, convenience next"). In between these two extremes lie companies like Panda who consider fraud as another cost of doing business. Nothing right, nothing wrong, we’re where we are.

As Panda's decision illustrates, there's no guarantee that we'll even go all the way ever! Especially because, as I'd highlighted in Mitigating Fraud Does Not Pay The Bills, leading merchants in USA like Amazon have not implemented 2FA for online card payments despite (a) FFIEC issuing guidelines for it way back in 2005, and (b) ROW having done so several years ago.

A Finextra member 

Again, 20 seconds are way too long and should have been fixed. Personally I understand retailers that choose what's best for them but make no mistake: Giving a so-called great UX in the shop comes at a cost somewhere else. Businesses that chose not to implement EMV are funding criminals and terrorists globally. I KNOW that the timing issues can be solved and just running away from EMV is not the answer.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

American Retailers can handle every cost as long as they earn revenues, which can happen only in one place, namely, their stores, and in only one manner, namely, by giving a great CX (at least in USA). If retailers not implementing EMV are really funding criminals and terrorists, FBI and DHS will go after them. While vendors have the luxury of saying "should have been", "can be", and so on, retailers face the harsh realities of using solutions as they're delivered today and are fully justified in evaluating ROI of EMV investments. As Panda has done and found that their fraud loss is too small to justify the cost of EMV POS upgrades.

Vineet Anand

Vineet Anand Director Business Dev at Company

@Ketharaman, A couple of things:

- Gartner analyst quoted with 20 second processing timeline, there is not mention of the 40% converted merchants how big was his/her sample size, # of trxs.

- EMV will be a long journey here in the US both at retailers that have the right to choose and make their own decisions based on level of fraud, savings, impct on CX, timing for bringing change since holiday season starts very soon.

- Panda like any other retailer/merchant/SME has a choice to use EMV or not and they have decided not to do so as a business decision. 

- Amazon has the lowest fraud levels build into their one-click and Amazon payments engine. Their fraud levels are lower than CP transactions at retailers and thus demand a lower interchange fee ... far lower than CNP. 

- As a business the regulartor, unlike in India conforming to RBI 2FA, does not indulge in pushing one solution or the other. And I agree with that approach as EMV is just one of the tools in the larger fraud management toolkit and as you consider biometric, tokenization, 2FA, P2PE, machine learning transaction management; EMV is no silver bullet

In essence, merchants have a right to make a business decision to choose EMV or other tools to manage/deter fraud. CRIND's will have another 2 years for EMV liability shift and ATM providers have another year; the CRIND and ATM's are high prone to counterfiet fraud - it makes more sense for the merchants/ATM providers to move to EMV. 

I have worked with retailers in US and other countries, it is a balancing act between fraud and check-out times. All big retailers have very clear QA and KPI's with the processors, which undertake rigrous stress and latency tests before deploying EMV. Having worked with hign street retailers, customer experience is not negotiable and have been working with processors on EMV to ensure transaction times are withing KPI limits. 

A Finextra member 

@Ketharaman: Reason is not always in the front seat in politics. Since 2001 150.000 people has been killed by hand guns and 33 in terrorist attacks in the US. Guess where the billon dollar budgets goes?

The US government accept the fact that a large fraction of global card fraud takes place in the US. They could have regulated the payment industry into another directon but they haven't. It seems like everybody in this thread accept that +20 second is normal but it's not. Payment systems in many other countries does not have these problems. Maybe it's time to look elswhere for solutions?

[Webinar] Money Mule Defence: Practical Applications and the Role of TechnologyFinextra Promoted[Webinar] Money Mule Defence: Practical Applications and the Role of Technology