The Green Sheet Online Edition
April 27, 2015 • Issue 15:04:02
EMV migration matrix an asset, chip and PIN a deterrent
As the chip card fraud liability shift deadline looms, support for the U.S. EMV (Europay, MasterCard and Visa) migration has grown, and merchant debates on how to become EMV compliant have brought to the fore the need to demystify EMV implementation and best practices. One such effort, released April 1, 2015, is the EMV Minimum Requirements Matrix.
The spreadsheet, produced by the EMV Migration Forum, has separate sections for U.S. issuers, merchants, acquirers, processors and vendors. Designed to be used as a starting point and baseline, the document illustrates how payments industry stakeholders contribute to EMV adoption and their respective roles in day-to-day procedures.
The EMV Migration Forum is a cross-industry body focused on supporting EMV adoption. Its 175 member organizations include payment and debit card networks, financial institutions, merchants, processors, acquirers, and payments industry vendors and associations. Randy Vanderhoof, Director of the EMV Migration Forum and Executive Director of the Smart Card Alliance, called the minimum requirements document a timely response to numerous issuer and merchant requests for guidance in meeting the Oct. 1 liability shift deadline.
Acquirers harmonize disparate network approaches
Card brands and networks participating in the U.S. EMV rollout include Accel from Fiserv Inc., American Express Co., Armed Forces Financial Network, China UnionPay, Discover Financial Services and its Pulse network, Vantiv LLC's Jeanie Network, MasterCard Worldwide, New York Currency Exchange, Shazam Inc.'s Shazam Network, First Data Corp.'s Star network, and Visa Inc. Each network interprets chip card implementation, deployment timing, and pricing in accordance with its own technology, business model, and organizational structure.
Itai Sela, Chief Executive Officer of Atlanta-based B2 USA, called the EMV Minimum Requirements Matrix a major step forward in simplifying EMV deployment. He described the guide as a useful baseline for issuers while noting some variance in best practices among card brands and networks, reinforcing the need for merchants to work closely with their acquirers.
"Merchants need to follow their acquirers' best practices, which harmonize all of the card brand and network requirements in their respective guides," he said. He added that each U.S. acquirer has produced its own extensive documentation with precise details that remove the guesswork from implementing and sustaining EMV minimum requirements in the United States.
Instructions for reading instructions
The EMV Minimum Requirements Matrix spreadsheet is organized into seven sections, including an introduction, chip card reader requirements for individual payment card networks and a glossary. Each section is further defined with columns for payment card and device requirements, with checkmarks that indicate how each attribute applies to the various payment networks.
Matt Getzelman, Director of PCI Practice at Colorado-based Coalfire Systems Inc., acknowledged that even pared down EMV minimum requirements can be overwhelming to merchants.
"The spreadsheet might initially look like a stereo instruction guide to most merchants," he said, noting that varying approaches by card brands to risk management, security breaches and EMVCo configurations may present challenges during the implementation phase. Getzelman added that merchants "need to rely on their acquirer relationships for interpretive guidance of EMV minimum requirements instead of trying to decipher the EMVCo spreadsheet."
Growing numbers see chip and PIN as deterrent
A study released March 25 by the Association for Financial Professionals, a global society of finance executives based in Washington, DC, revealed that 92 percent of finance professionals surveyed believe that EMV technology will mitigate much of the high-profile payment card fraud that has roiled the U.S. market in recent years.
A majority of survey respondents advocated chip and PIN over chip and signature. AFP President and CEO Jim Kaitz noted this as a "call to action for card vendors." The 11th annual AFP survey was underwritten by J.P. Morgan, and 741 senior level corporate treasury and finance executives participated in it.
The report stated that checks "remain the most-often targeted payment method by those committing fraud attacks. Credit/debit cards are the second most frequent target of payments fraud." Results also indicate that survey respondents "firmly believe" EMV-enabled credit and debit cards will be effective in reducing POS fraud and revealed that 61 percent of survey respondents reported that chip and PIN validation will be "most effective" in preventing credit and debit card fraud.
"EMV is starting to hit its stride, and we are seeing a significant uptick in customer requests for updated technology to meet the October liability shift deadline," said Ian Drysdale, Executive Vice President of North American Sales and Business Development at Atlanta-based Elavon Inc. He added that Elavon works with merchants during every phase of EMV implementation, counseling its customers on the "importance of adopting a layered approach to security, such as encryption and tokenization, to further provide the best cardholder data security available."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.