The U.S. Market shift to EMV Technology
Many countries around the world have migrated to the EMV technology which provides increased protection against counterfeit and lost and stolen card fraud by validating the card and the cardholder. This is performed by the card having an embedded computer chip that chip-enabled terminals are able to read.
The U.S. Market has been the holdout, while many countries have completed their migration to the EMV technology, the U.S. Market has delayed theirs. EMV technology began gaining traction back in 2011. In fact, Europe’s migration to EMV payment technology was completed by the end of 2012. Developed by Europay MasterCard, and VISA for chip-based debit and credit cards, Card issuers are using a standard called EMV. Canada began migrating to chip cards and POS (point-of-sale) terminals. Canada’s migration will take place over the next several years, financial institution and processers have their own timelines and strategies for issuing chip cards and rolling out chip terminals.
The long standing business case for migrating to the EMV technology is to combat fraud. The U.S. Market migration to EMV technology looks to address the market’s rising fraud concerns. The U.S. payment card fraud is now roughly at 10 basis points, representing a 100% increase in just the past seven years, the main contributor being CNP (card-not-present) fraud, 45% of the total U.S. Market’s card payment fraud. Adding to growing concern around payment card fraud is the growing online and mobility segments, and the growing fraud percentages within those segments.
American Express, VISA, MasterCard and Discover support the migration to EMV due to several benefits. First and foremost, the reduction of criminal activity associated with card fraud. This has been proven where those countries that have migrated witness a drop in fraudulent transactions.
Current Liability guidelines will be changing for merchants, issuing/acquiring banks and processers. The liability shift means issuers and merchants who are using non-EMV compliant devices while accepting an EMV compliant payment card will be assuming the liability. MasterCard’s definition has been communicated as such, “The party, either the issuers or merchant, who does not support EMV, assumes liability for counterfeit card transactions”.
As of October 2015 Card-present counterfeit liability will shift to the entity that does not support EMV technology. Any magnetic card fraud that has been identified, liability of the financial loss associated with the transaction will go to the entity found not supporting EMV technology, merchant, processer and/or bank(acquire/issuer). Excluded from this liability guideline will be Automated Fuel Dispensers (AFD). Due to the higher expense associated with the AFD payment system, these merchants have an extended deadline for EMV compliance, October 2017. As well, Automated Teller Machines (ATM) will have an extended deadline, October 2017.
Organizations are offering incentives to merchants who migrate to EMV. One example, VISA, MasterCard and Discover are providing incentives such as enhancements to the Payment Card Industry (PCI) compliance validation requirements for Level 1 and 2 Merchants and Account Data Compromise (ADC) program operational reimbursement and fraud recovery calculations. Merchants that deploy hybrid EMV terminals (supporting contact and/or contactless interfaces) will be getting PCI audit relief if 75 percent or more of the merchant transactions are getting captured at hybrid EMV terminals, effective October 2012. Even if the majority of transactions are from magnetic stripe-only cards, if they are performed at hybrid EMV terminals the relief will be recognized.
As for addressing Automated Teller machines (ATM), the counterfeit Liability Shift varies on the dates for compliancy and between VISA, MasterCard, Discover and American express. The main entities behind the EMV mandate have individualized their requirements. Courtesy of SmartCard Alliance, the chart below displays those timelines:
Card payment industry data continues to show the fast paced growth of fraud at both the CNP and POS channels. The entrance of EMV technology assists in addressing the counterfeit fraud, but as we have seen in those countries that have already transitioned to the EMV technology, little impact will be recognized on data compromise, CNP will only be addressed by other “tools in the toolbox”, such as strong behavioral analytics, 3-D secure and tokenization.
The first item on the issuer’s checklist should be removing any sensitive data from their systems. This will prevent any cardholder data from getting into the criminal’s hands when a data breach occurs, which will happen. Having a tokenization process in place will protect your customer’s data and keep your business’s name from any negative press when a data breach occurs, one example being TARGET in late 2013. Item number two, having an effective risk-based authentication in place, like 3-D Secure will prevent having to store such data. Whenever you can reduce the amount of false positives, your increase revenue, as well as, your customer satisfaction levels.