A Thing
The Green SheetGreen Sheet

Tuesday, February 19, 2013

Reservations about EMV security, timeline surface

Doubts regarding the viability of the Europay/MasterCard/Visa (EMV) global standard for chip card interoperability, as well as concerns about aspects of its U.S implementation timeline, surfaced recently.

Douglas King, a Payments Risk Expert in the Retail Payments Risk Forum at the Atlanta Federal Reserve, indicated in a Feb. 11, 2013, Atlanta Fed blog post that he doubts the business case can be made for EMV as a fraud prevention tool, even though the card networks' liability shifts for counterfeit transactions is only two years away.

EMV alone not adequate

King said concern is increasing that effective EMV implementation around the world is driving card fraudsters to the United States, where unsecure mag stripe cards are still the norm for consumer card-based payments. But King noted that fraud loss for most companies, though growing, still doesn't have nearly as much negative impact on their bottom lines as credit card charge-offs from uncollected debt.

In addition, he said EMV does not address card-not-present (CNP) fraud. "CNP fraud continues to rise because EMV does not effectively prevent it in today's online environment," he said. EMV chip and PIN introduction in Canada in 2008 resulted in CNP fraud more than doubling to $285.4 million by 2011, King reported.

"Ultimately, EMV as it exists today only solves part of the fraud equation," King stated. "Until a cost-effective and consumer-friendly CNP fraud reduction solution gains traction, I believe a business case for EMV built around fraud losses will remain difficult to build." King also called EMV issuance and acceptance so far in the United States "tepid" at best.

Trade association pushed for delay

A Feb. 15, 2013, letter signed by the National ATM Council, a trade association representing independent U.S. ATM providers, their suppliers, and 36 member organizations representing ATM deployers, processors and manufacturers, requested that MasterCard Worldwide delay its card liability shift until the industry adopts a universally accepted application identifier (AID) that meets the debit routing requirements of the Durbin Amendment to the Dodd-Frank Act of 2010.

The Durbin Amendment requires a routing choice of at least two independent debit networks for every debit transaction. The NAC said it needs time to test and deploy an AID and related hardware and software upgrades for the more than 425,000 EMV-compliant U.S. terminals.

The organization said MasterCard has bred confusion in the marketplace by issuing two conflicting directives. One directive issued by the card brand in September 2011 called for a fraud liability shift beginning April 19, 2013, to EMV-noncompliant ATM operators for counterfeit ATM transactions on its Maestro network. Then, in September 2012, MasterCard said it will implement its liability shift Oct. 1, 2016.

The NAC requested that MasterCard clarify its liability shift plan and align its liability shift "and all other domestic debit cards" with Visa's Oct. 1, 2017, EMV implementation deadline.

"There is no financially or operationally realistic way the U.S. ATM embedded base can be expected to be made EMV compliant in the timeframe involved," Bruce Renard, NAC Executive Director, said. "We are hopeful MasterCard will acknowledge these realities and reconcile its timetable accordingly." end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing