By Jim Bibles
There has been a lot of talk lately about how Europay/MasterCard/Visa (EMV) and near field communication (NFC) chip cards are going to impact the industry. Most of this has been directed at consumers and merchants; the impact it will have on the acquiring community has not been discussed.
Let me assure you, this impact is going to be significant from both an operational and a risk management perspective. Those who have been around enough years to have experienced the conversions to Derived Unique Key Per Transaction- and "truncation"-capable terminals know what you're in for when it comes to upgrading terminals for your entire portfolio and the resistance that will come from your merchants: I just upgraded my terminal five years ago. Why do I have to do this again? You're just trying to rip me off. If you joined the acquiring industry after these conversions occurred, welcome to the party.
From a risk management perspective, there will be some gains, but new risks are associated with the migration. The biggest risks will be related to fraud migration to the card-not-present (CNP) and e-commerce channel, and the shift of fraud liability to the party that has the least secure technology at the POS.
This initiative is not all doom and gloom from an acquiring standpoint. Some relief is built into the card company mandates. It will also facilitate the ability for acquiring entities to integrate closer with their merchants by offering value-added services, such as couponing, loyalty and data mining services. In the end, these will increase both customer retention and revenue.
The EMV standard was developed to ensure global interoperability for chip-based payment transactions. The key element of EMV involves the inclusion of dynamic digital data in every transaction. This makes these types of transactions extremely secure and reduces the risk of fraud.
NFC is a short-range, high-frequency wireless communication technology commonly used in contactless cards and mobile phones, as well as for passive radio frequency identification (RFID). Mobile payment applications include retailing, public transportation ticketing and interactive advertising.
Duality, in this context, is the ability to accept either EMV or NFC transactions through the same POS device. All card brand mandates require that merchants be able to accept both EMV and NFC in order to be exempt from fraud liability, to reduce Payment Card Industry (PCI) Data Security Standard (DSS) validation requirements, and to participate in MasterCard Worldwide's Account Data Compromise (ADC) relief program.
The transaction flow with EMV and NFC payments is much the same as the traditional transaction flow, except for the addition of dynamic authentication and the chip technology that allows the issuer to transmit a unique card verification value with each transaction. This makes it virtually impossible to counterfeit the card if the transaction data is stolen.
While this technology is only available in the card-present environment at this time, it should be noted the card companies are working with computer manufacturers to expand dynamic authentication into the e-commerce space in the near future.
The acquiring community needs to consider several issues when facilitating the transition to EMV- and NFC-capable payment acceptance technology. These include the following:
Following are important past and future milestones in the U.S. transition to EMV/NFC payment acceptance technology:
Oct. 1, 2012
American Express Co., Discover Financial Services, MasterCard Worldwide and Visa Inc. eliminate the requirement for eligible merchants to annually validate their compliance with the PCI DSS for any year in which at least 75 percent of the merchant's transactions originate from chip-enabled terminals.
April 1, 2013
Visa and MasterCard require that all acquirers and sub-processors make the necessary changes to their systems to ensure they are able to fully process EMV transactions.
Oct. 1, 2013
MasterCard sets ADC relief for merchants who process more than 75 percent of their transactions from an EMV/NFC-capable terminal - 50 percent reduction in card reissuance and fraud reimbursement to issuers.
Oct. 1, 2015
AmEx, Discover, MasterCard and Visa intend to institute a U.S. liability shift for domestic and cross-border counterfeit card-present POS transactions. This liability shift will mean that the entity with the lowest form of technology in the transaction will be liable if the transaction turns out to be fraudulent. For instance, if a fraudulent transaction occurs and the card involved in the transaction was either issued as an EMV- or NFC-capable card and the merchant is not EMV/NFC-capable, then the merchant will pay for the fraud.
Oct. 1, 2015
MasterCard increases ADC relief for merchants that process more than 75 percent of their transactions from an EMV/NFC capable terminal - 100 percent reduction in card reissuance and fraud reimbursement to issuers.
Oct. 1, 2017
AmEx, Discover, MasterCard and Visa expand liability shift to be effective for transactions generated from automated fuel dispensers.
Jim Bibles, Vice President, Business Development at Aperia Solutions, is highly regarded as a payments risk expert. He has excelled at developing and implementing risk-based compliance tools and programs for acquirers and ISOs of all sizes and is widely considered to be an expert in the field Payment Card Industry Data Security Standard compliance. Contact him at firstname.lastname@example.org.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next