By now, we know that fraud related to counterfeit cards has essentially been eliminated in countries where EMV has been widely adopted. Incidences of two other types of fraud – lost/stolen and card-not-present fraud – have also been reduced in these areas, specifically where chip and PIN is required. Therefore, while most U.S. issuers have so far opted to issue EMV cards that require only a signature for cardholder verification (to reduce their cost burden), chip and PIN is likely on its way to becoming a standard in the U.S. and in many other countries.
EMV CARD NETWORK ROADMAPS
The major card brands have published road maps for the EMV transition, charting timelines and penalties for those that do not comply. The below figure shows four common milestones for the POS conversion, addressed by four major U.S. networks on the roadmap for introducing EMV to the U.S. market.
EMV ADOPTION IN THE U.S.
The complete migration of POS terminals will lag reissuance of credit cards by a few years, says Mercator Advisory Group. However, they expect 58 percent of general purpose credit cards will be EMV compliant by the end of 2015, a significant increase from the 3 percent of cards they estimated to be compliant by the end of 2013.
In 2016, Mercator estimates that U.S. consumers will complete EMV transactions totaling $950 billion using credit cards alone.
A much smaller percentage of debit cards than credit cards will be EMV compliant in 2015 – Mercator estimates between 10 and 15 percent. However, Visa and MasterCard have led the development of a common EMV application identifier (AID) to support routing between PIN and signature networks. All of the major debit networks have already adopted the common aid, and in September 2014, Bank of America announced the first large-scale conversion to EMV debit in the U.S.
THE IMPACT OF EMV ON MERCHANTS
While some say emerging technologies will be the major disruptors in the payments space, it will likely be the more familiar EMV technology that will have the biggest impact on the retail industry, according to the whitepaper. Merchants are concerned with implementation – specifically, costs and consumer experience. While there’s not much they can do about costs, they do have more control over how they manage the customer experience. With EMV, checkout times will be slower than they currently are, and POS terminals will take more time to read a chip than a magstripe.
Elsewhere, in the growing world of contactless payments, Apple Pay reignited interest in NFC as a mobile payments technology. The app showed that NFC-based mobile wallets don’t have to be as “awkward or slow” as some previous wallets. Apple Pay, however, is just the first implementation of the card networks’ tokenization initiatives to improve payment security. According to the whitepaper, merchants should certify contactless payments now so they can quickly accept these payment methods as they become available.
WHAT’S IN A GOOD SECURITY PARTNER?
Because EMV implementation can be perceived as extremely challenging, processors break down what a merchant should look for in a security partner:
- Processors that have experience in EMV processing, as EMV development, certification and testing is time-consuming and can be frustrating.
- Processors that have been designated as certified agents, allowing merchants to deal with one authorized party, minimizing cost and delay in waiting for network certification for compliance.
- Processors that support multiple EMV devices, as integrated payments software adds another layer of complexity to EMV implementation.
Payments security, however, is much bigger than just EMV. A layered approach must therefore be taken. Merchants that implement the below approach, which includes EMV, encryption and tokenization, will benefit from reduced PCI-compliance costs and greatly reduce liability in the event of data theft or loss.