EMV (Europay/MasterCard/Visa) Migration Status
On August 9, 2011, Visa announced plans to accelerate the migration to contact chip and contactless EMV chip technology in the U.S. They believed the adoption of dual-interface chip technology would provide stronger authentication and transaction security, and help prepare the U.S. payment infrastructure for the arrival of Near Field Communication (NFC-based) mobile payments by building the necessary infrastructure to accept and process chip transactions. Visa set an effective date of April 1, 2013, for acquirer processors and sub-processor service providers to support merchant acceptance of EMV chip transactions. In January 2012, MasterCard announced their U.S. roadmap to enable the next generation of electronic payments with EMV as the foundational technology.
Where has EMV been adopted? (source: EMVCO, December 2013)
• Eighty countries globally are in various stages of EMV chip migration, including Canada and countries in Europe, Latin America and Asia
• 2.37 billion chip payment cards are in use globally
• 99.9% of terminals in Europe are chip-enabled
• 84.7% of terminals in Canada, Latin America, and the Caribbean are chip-enabled
• 86.3% of terminals in Africa and the Middle East are chip-enabled
• 71.7% of terminals in Asia Pacific are chip-enabled
Migration Process
The United States is one of the last countries to migrate to EMV chip technology. On October 1, 2012, Visa was the first of the major card brands to announce changes to their operating rules that would shift liability for various types of card fraud to the entity involved in the transaction process who provides the least secure environment. Since Visa’s announcement, MasterCard, AMEX, and Discover have all followed suite with rule changes that are essentially the same.
EMV Deadlines for rollout in the U.S. as mandated by card networks:
Visa – October 2015
• The party that is the cause of a contact chip transaction not occurring will be financially liable for any counterfeit fraud losses. Does not include automated fuel dispensers
MasterCard – October 2015
• If at least 95% of MC transactions originate from EMV compliant POS terminals, the merchant is relieved of 100% of account data compromise penalties (excluding fuel)
AMEX – October 2015
• AMEX has instituted a Fraud Liability Shift (FLS) policy that transfers liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology
Discover – October 2015
• Discover has instituted a Fraud Liability Shift in the U.S., Canada, & Mexico. The policy is a risk-based payments hierarchy that benefits the entity that leverages the highest level of available payments security
Higher Level of Security Needed
With the pending liability shift and the increasing number of data breaches occurring in the United States today, it is more important than ever to move to a technology with a higher level of security. EMV secures the payment transaction with enhanced functionality in three areas:
(source: EMVConnection)
1. Card authentication, protecting against counterfeit cards
2. Cardholder verification, authenticating the cardholder and protecting against lost and stolen cards
3. Transaction authorization, using issuer-defined rules to authorize transactions
An EMV card stores payment information in a secure chip rather than on a magnetic stripe. Unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that can be used to conduct an EMV payment transaction successfully. While large data breaches will unfortunately continue to occur, the perpetrators of these crimes will find it increasingly difficult to use this data to successfully conduct payment card fraud.
Several factors are now driving a dramatic increase in the issuance of EMV enabled cards in the United States. In fact, the Aite Group recently predicted that by December 2015, 70% of credit and debit cards in the U.S. will contain a computer chip that conforms to the EMV protocol.
What Should Merchants Be Doing?
• Assign in-house EMV expert/owner
• Ensure point-of-sale (POS) system supports all EMV payment types (contact, contactless/NFC, mag-stripe)
• Ensure POS provider and acquirer can assist by deadline
• Develop training program for employees affected
• Seek independent advice if you feel like your acquirer or POS provider are trying to take advantage of this change
What Not To Do
• Do not sign a lease for any standalone POS devices. Month to month rental programs for EMV enabled terminals are available for less than $10.00
• Avoid long-term commitments, particularly if the provider can modify processing rates
• Don’t ignore the importance of migrating your POS to an EMV enabled environment
Conclusion
U.S. based merchants not yet prepared for EMV functionality, need to be preparing NOW. With fraudsters targeting U.S. based merchants more and more (partly due to our continued reliance on mag-stripe technologies vs. the rest of the world’s migration to EMV), U.S. based merchants do not want to be the “weak link” where card fraud liability will reside.
Original Article located at:
Article submitted by:
Thomas A. Wimsett – Chairman & Managing Partner, Wimsett & Company, (a payments consulting and merchant advisory firm), Louisville, KY – 502-964-6030 – twimsett@bardstown.com
BSBA from University of Louisville; University of Louisville Board of Advisors
Director of Jack Henry & Associates (NASDAQ:JKHY), Monet, MO
Board Chairman of Town & Country Bank & Trust Company, Bardstown, KY
Former President & CEO of two of the largest merchant acquirers in the U.S.
Former Director for MasterCard’s U.S. region, Purchase, NY
Former Director, Board Officer and current member of Electronic Transaction Association, Washington, DC – 2008 ETA Member of the Year – Member of KY Bankers Association