GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Global acquiring – Part 2

News

Industry Update

Vantiv goes vertical with Mercury

Trustwave finds fraud diversifying

Game on, ISOs

California senate to vote on statewide EMV mandate

Views

The four pillars of m-payments

Voice from Transact - Part 2

EMV is coming, but when, and is it really necessary?

Patti Murphy
ProScribes Inc.

Education

Street SmartsSM:
Pizza pies and basis points

Tom Waters and Ben Abel
Bank Associates Merchant Services

Employee versus independent contractor

Vicki M. Daughdrill
Small Business Resources LLC

Think like a marathon runner

Jeff Fortney
Clearent LLC

Company Profile

Total Merchant Services

YapStone

New Products

Real-time pricing for ISOs

PriceGuide
Digital Management Inc.

Enterprise-class mobile POS

VT4
Shift4Corp.

Departments

Readers Speak

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

June 09, 2014  •  Issue 14:06:01

previous next

Insider's report on payments:
EMV is coming, but when, and is it really necessary?

By Patti Murphy

Widespread implementaion of Europay/MasterCard/Visa (EMV) is expected in 2015, and with it, huge reductions in card fraud. So where is my chip card? Of the five cards I carry in my wallet – one credit, three debit and a prepaid card – not one has been replaced with an EMV-compliant card, even though two have been replaced over the past year due to data breaches that may have compromised the accounts. I know I'm not alone.

EMV is a global standard for the interoperability of chip cards capable of authenticating payment card transactions at POS and ATM locations. It is supposed to replace mag stripe card use at retail POSs. EMV has had broad adoption, though not in the United States. Worldwide, more than 2 billion EMV-compliant chip cards are in circulation, according to EMVCo, the organization behind the standard, which also claims there are over 37 million EMV-compliant POSs around the globe.

U.S. retailers have until October 2015 to become EMV-compliant; gasoline stations with automated fuel dispensers get additional time. Thereafter, if a breach or other fraudulent activity involving debit and credit card data occurs, the liability gets pinned on whichever party isn't EMV compliant: issuers who failed to issue EMV-compliant cards or retailers without EMV terminals.

Implementation slow, costly

Target Corp., still smarting from a massive 2013 data breach, is the first big retailer to put significant support behind EMV. It expedited plans to move its proprietary credit and debit cards to EMV-compliant chip and PIN technology, in partnership with MasterCard Worldwide. The giant retailer also said it will have EMV-compliant POS devices in place at all its outlets by September 2014.

Target is an exception, however. Research by First Annapolis Consulting revealed most merchants are unaware of EMV and unprepared for the 2015 deadline. In April, the consultancy surveyed 200 U.S. merchants from a diverse set of verticals, although the restaurant and retail sectors accounted for 28 percent of respondents. The sample was also skewed toward larger merchants, with 40 percent reporting $100 million or more in revenues, First Annapolis noted.

Here are some of the findings:

"Clearly, it is early days for the U.S. EMV migration and, among all the other migration activities, the industry continues to face a significant educational challenge in the merchant market," wrote Marc Abbey, a partner, and Scott DeHaven, a consultant, at First Annapolis.

Nick Holland, Senior Analyst, Payments at Javelin Strategy & Research, echoed that sentiment. "With exactly 18 months to go until the EMV liability shift for merchants and issuers, clearly a great deal of work remains if the U.S. card payment industry is to smoothly transition from magnetic-stripe cards to chip cards," Holland said. "Before the shift can take place, the industry needs to focus on primarily educating consumers and merchants, while in tandem developing a roadmap for retiring the magnetic-stripe from card payments."

The author of a Javelin report titled EMV in USA: Assessment of Merchant and Card Issuer Readiness, Holland predicted that by the end of 2015, more than 166 million EMV credit cards will be in circulation in the United States (about 29 percent of all credit cards). EMV-compliant debit and prepaid cards should number about 105 million (approximately 17 percent of all debit and prepaid cards) by then. Holland expects ubiquity – which he defines as 96 percent of credit and 98 percent of debit and prepaid cards being EMV compliant – will take until the end of 2018.

Cost is a primary reason for lagging card issuance. By most estimates it costs about $3 to produce a chip card compared with less than a dollar to produce a mag stripe card. Terminal upgrades are costly, too.

Still no panacea

EMV cards are considered more secure than traditional mag stripe cards, but it's not a cure-all, said Daniel Chatelain, founder and Managing Director of BayPay Forum, an international association of payment professionals. He said most EMV cards have mag stripes in addition to chips and, as a result, can still be cloned and used fraudulently, particularly in card-not-present situations.

That's what happened after EMV took hold in Europe, said Chatelain, a native of France. Some fraudsters skimmed mag stripe data from cards used at ATMs; others simply intercepted new EMV-compliant cards and PIN notices that were being mailed to cardholders. As long as credit and debit cards are manufactured with mag stripes and POS terminals can read mag stripe cards, they can be cloned and used to commit fraud, Chatelain said.

Chatelain considers EMV more a "philosophical argument" than a technology for securing card payments. He believes it's not much more than a set of rules, like the Payment Card Industry Data Security Standard, with consequences only when things go awry, and in a public way. "The payments industry needs to figure out a way to make card payments more secure without putting onerous rules in place," Chatelain said.

One option – Chatelain's preference – would be moving to dynamic mag stripe technology. It seems that every mag stripe has embedded in it biometric-like information that can be likened to fingerprints. It comes from the manufacturing process and has to do with the distribution of particles on the stripe. These unique particle patterns can be identified with a high degree of accuracy as a card is swiped through a reader, industry experts have found. The same goes for swipes: apparently, no two swipes of a mag stripe are precisely the same, which means fraud could be easier to spot if terminals were retrofitted to employ dynamic mag stripe technology.

Just like EMV, dynamic mag stripe technology may not be a panacea; but unlike chip and PIN security, implementing it would be cheaper and easier for everyone involved.

Patti Murphy is Senior Editor of The Green Sheet and President of ProScribes Inc. She is also the founder of InsideMicrofinance.com. Email her at patti@greensheet.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Super G Capital LLC | Humboldt Merchant Services | Impact Paysystems | Electronic Merchant Systems