It has been almost a month since EMV’s adoption began here in the United States, and many consumers are still unaware of this massive change in the payment ecosystem. While you would be hard-pressed to find a payments expert who would classify the EMV shift as a disaster, when it rains, it pours.
Governmental agencies have issued warnings regarding the security of the card, EMV re-issuance is being attributed to missed earnings for some retailers, consumers are not educated on how to use their new cards and non-compliance fees will begin to hammer merchants that are not able to accept. Before we dive into these EMV headlines, let's go over a quick recap of EMV’s payment solution.
EMV stands for Europay, MasterCard and Visa, its original champions. This payment technology embeds a microchip containing unique cardholder information, including cardholder name, card number and expiration date. Unlike traditional magnetic stripe cards, EMV cards transact by ‘dipping’ the chip into an EMV-capable point-of-sale (POS) terminal after asking the cardholder to enter a PIN to authenticate the transaction. As that process occurs, the card then verifies the PIN and sends a unique transaction code. Unfortunately, the U.S. will implement chip-and-signature, requiring a signature instead of a PIN to authenticate a transaction. While this method of payment is more secure than traditional magnetic stripe cards, there are still security risks associated with this 15-year-old technology.
Less than 10 days after the EMV migration began, the Federal Bureau of Investigation (FBI) issued a warning of the potential security risks associated with the new payment cards. In the press release, the FBI warned EMV-enabled cards can still be used if lost or stolen in stores, or through online purchases. Fraudsters are in a constant game of cat and mouse, trying to break and exploit the latest in payment technology. While raising awareness on the security risks associated with EMV cards should be viewed as, the warning was not well received. Shortly after the warning was issued, the American Bankers Association approached the FBI asking the bureau to revise its original press release to provide more clarity to consumers regarding the use of PINs with chip-enable cards. This lack of education surrounding EMV cards goes deeper than consumers potentially misunderstanding a FBI-issued press release.
In the weeks leading up to the October 1 deadline, ACI Worldwide conducted an EMV readiness survey to see how prepared consumers were for the shift. Nearly 60 percent of surveyed consumers did not know why they are receiving their new payment cards and were unaware of how EMV cards will impact them. In the ACI Worldwide survey, there appears to be a demographic trend directly related to household income. For households with an income of $100K or more, 55 percent of respondents indicated that they had received their EMV cards. But for more respondents that reported a household income of less than $35K, only 20 percent had received their cards. Based on these responses, it would appear that financial institutions are focusing their card re-issuance efforts on high-spending cardholders.
Last week, payment solution provider Ingenico released its latest findings on EMV adoption in a new report focusing on consumer readiness for the new payment cards. In the report, 60 percent of U.S. cardholders reported to have received their new chip cards from their financial institution or card issuer. More than half of those cardholders were unable to use their chip-enabled cards correctly by inserting the card into the Point of Sale (POS) terminal.
This alarming stat is due to a combination of lack of education on EMV from a consumer standpoint and merchant readiness. In September, 62 payment service providers were surveyed by The Strawhecker Group (TSG) to see how ready U.S. merchants were for the October 1 EMV shift. Based on the survey responses, only 27 percent of merchants would be ready to accept chip-enabled cards by October. This number is predicted to jump to 44 percent by the end of the year, but it will take more than two years to see widespread adoption. But now that the liability shift has taken place, merchants and their independent sales organizations (ISOs) will be hit with EMV non-compliance fees.
Once the EMV liability shift took place, the responsibility for counterfeit card fraud losses has moved from the card issuers to merchants when the merchant is unable to accept chip-enabled cards. Some of the largest acquirers are instituting a framework that will charge a non-compliance fee for each merchant that is unable to accept EMV. National Processing Co. (NPC), a sub-division of acquiring leader Vantiv, has segmented these fees into three levels based on merchant risk. These fees will not be implemented until January 2016 to provide ample time for ISOs and merchants to coordinate their EMV adoption efforts. As more and more consumers receive their chip-enabled cards, the frequency at which merchants will be charged non-compliance fees will continue to increase.
We will be wrapping up the month of October, which is also National Cyber Security Awareness Month, in just a few days and there has already been an influx of news stories in connection with the United States’ EMV adoption. While EMV may have gotten off to a rougher start than expected, there is no doubt that processing transactions via the chip-and-PIN method is safer and more secure to use the magnetic stripe cards most consumers are still using.
Want to learn more about EMV and the impact its going to have on the payments ecosystem? Look no further, we’ve compiled our EMV-related blog posts for you to read here.
You have fraud frustrations? We have the solutions. Let's discuss what you are dealing with and we can learn more and share how we can help.