Chip cards are coming to America, but ecommerce is another story

 by Anne Leisz of Processing Finder



For the past two decades, banks around the world have been aggressively converting to chip cards and chip reading terminals in an effort to combat rampant fraud with newer technologies – except for banks in the United States. Now at long last, banks, merchants, and the card associations are moving to close this gap in what is called EMV migration. The initials stand for the original players in this drama (Europay, MasterCard and Visa) that adopted standards back in the nineties, only to see the U.S. region resist these efforts at all costs.


What was the cause for delay in migrating to chips in the United States?

It all comes down to the numbers. Our country has the leading land-based telecom infrastructure in the world. Phone calls are cheap, as are authorizations for card transactions that fly in nanoseconds from a terminal, to the card issuer, and back again. As a result, card fraud is below five basis points in our region, which is one out of every two thousand transactions.

The rest of the world is far behind us. Fraud is much higher, sometimes three to four times higher in developed countries, but most foreign telecom monopolies chose to wait for cellular, rather than invest heavily in landline-based technologies. A chip card, however, would allow for PIN verification at the point-of-sale, thereby removing much of the risk from counterfeit or lost-and-stolen cards.

U.S. banks and the merchant community shuddered at the total cost for EMV migration. Cards, ATMs, terminals, and electronic cash registers, not to mention the software changes to handle different messaging protocols, would have to be changed. The estimated all-in cost could exceed $10 billion, while potential fraud reductions were seen as minimal. Smartphones offered many new advantages – why not wait for that technology to take hold before investing billions in old technology?


Why is EMV migration necessary in the United States?


U.S. cardholders may have already encountered card acceptance issues when traveling abroad where chip standards are the rule. The bigger issue, however, is for foreign chip cardholders when they come here. Some cards also have magnetic stripes. Some do not, but Card-Not-Present (CNP) transactions have soared, as a consequence. Chip cards do not offer protection for CNP items.

Experienced law enforcement officials will tell you that fraud is like a balloon. If you squeeze it one place, it will naturally bulge at another. Crooks will always search for the weakest link when a new prevention technique appears. As chips have taken hold, CNP fraud has escalated, and it is a good bet that the same will hold true for America.


What are the implications of EMV migration for ecommerce?

Ecommerce is the fastest growing sector of retail sales, but it is all about CNP transactions. It is a given that fraud will increase with EMV migration, but the chips will not help without a special card reader attached to your phone, laptop, tablet, or PC. Attempts with this kind of approach have had limited success. Other PIN-based methods like “3D-Secure” or using “tokens” have not made a difference either. Large companies will step up their security approaches to identifying customers by account status, but smaller companies may have to rely on address verification or fraud prevention screens provided by third-party processors. The time is now to get familiar with these alternative approaches.

Chip cards and chip-reading terminals are coming to America. Deadlines for shifting liabilities for non-compliance have already been set for October 2015 by the card associations. According to experts in the field, there will be “many flavors of adoption.” Now is the time to coordinate your EMV migration plan with your merchant processor and to combine smartphone technology benefits with whatever decisions that you make along the way.


Click here for a related story that can help you learn more about EMV migration.

1 Comment

One Comment

  1. Posted March 6, 2014 at 12:39 pm | Permalink

    VbV & 3DSecure haven’t made a difference because nobody uses them, and the banks don’t necessarily want you to. Regulation E is an interesting caveat in consumer protection here. In Europe, they can stick it to the consumer if the carder knows your pin. Here, not so much, so the banks are less interested. It saves them less money. That’s a nuance you’re leaving out.

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>