EMV Experts Weigh In on the Headaches, Merchants, Chargebacks, PIN vs Signature
While due to be in place last October, EMV has been slowly materializing. All of the various participants ARE making progress, according to experts. For example, MasterCard is now reporting that 80% of its outstanding cards have chips. But how is the merchant doing, why are we doing chip and signature, and what is in store for the future?
The Point of Sale News spoke with several industry leaders for an update. Kind enough to share their thoughts were Scott Blum, Vice President of Total Merchant Services; Andrey Tikhonov, Senior Director, Payment Technology, Certified TG-3 Auditor, for Infinite Peripherals; and Henry Helgeson, CEO of Cayan.
Q(Point of Sale News): What does the near future hold for EMV adoption and implementation?
A: Blum: We believe that EMV adoption will continue to grow at a slower yet steady pace in the SMB space than adoption last year. Many SMBs converted at the deadline, and those that waited have converted on a slower, albeit steady pace. We believe this adoption trend will continue in the next 6 months.
A: Tikhonov: ISV and vendors will continue on the EMV implementation path. Many previously took a shortcut and implemented limited scope software applications that reduced the software capability to Visa and MasterCard contact chip only, bypassing the less common American Express and Discover card brands and reducing the NFC payment schemes acceptance. Now, many of these vendors must go back to the queue to add support for AE and Discover, as well as re-enabling the NFC schemes. It will take more than 6 months to clear up the queue.
Q: (POSN) Is chip and pin going to emerge or are we destined to have chip and signature forever?
A:Tikhonov: Although initial implementation of EMV was practically 100% chip-and-signature, card brands will begin the process over the next several years of migration to Chip-and-PIN as a more secure card acceptance schema. The chip-and-signature originally was selected by the card brands as the least invasive option for merchants and customers in the initial implementation of EMV in the U.S. market. The chip-and-signature only addresses one aspect of card-present fraud – counterfeit cards, but does not address a stolen card issue. Therefore, chip-and-PIN is enforcing a stronger cardholder validation method, and over time will become a prevalent option for cardholder verification.
A: Blum: EMV is one of the most effective methods for reducing skimming and counterfeit credit card fraud. The addition of the PIN mitigates losses from lost or stolen card fraud. In the US, skimming and counterfeit fraud is over 2X the loss from lost or stolen cards, and therefore it makes sense to focus on that first. Chip and Signature solves that issue, so in the short term it may be the most cost effective approach. In addition, other forms of authentication similar to the PIN are developing, which may make the investment in PIN less attractive over time.
Q: (POSN) Merchants are saying that there are more charge-backs. Are you seeing that and if so, why?
A. Tikhonov: Yes, there is a trend of increased volume of charge-backs — mostly transactions originating with magnetic stripe use in non-EMV-ready merchant environments. This can be attributed to: 1). Issuers are taking advantage of unprepared/non-EMV merchants to satisfy consumer charge-back requests in favor of consumers, justifying the judgment by the new liability shift; 2). Educated consumers may be taking advantage of unprepared/non-EMV merchants by falsely claiming that charges are fraudulent, knowing that in a magnetic stripe environment, they are likely to benefit from a charge-back being honored in their favor.
A. Blum: We are seeing an increase in chargebacks for merchants as a result of the new EMV rules. This is not a result of any changes in computer programs.
Q: (POSN) What other trends or issues do you see?
A: Blum: Our initial view is that the introduction of EMV will actually result in an increase in NFC and mobile payment adoption. This is because the time required for a customer to complete an EMV transaction can take up to three times the time required for an NFC transaction. As EMV becomes the standard, more merchants and customers will opt to use their phones and watches for convenience and speed. The card associations are working to increase the speed of EMV transactions to make this faster, which we believe we happen over the next several years. At the Electronic Transaction Association’s TRANSACT 16 event, Visa announced the launch of Quick Chip for EMV, a technology enhancement that optimizes EMV chip card processing and check out times. We will see how that technology plays out, but in the meantime EMV should help NFC adoption.
A: Tikhonov: The complexity of EMV implementation will drive the consolidation of ISV market. Due to the significant time, money and expertise required for EMV, only the strongest ISVs will survive the pressure and cost of the integration process.
Recently a team from NCR exposed a potential flaw in the chipped credit card, much to the consternation of some vendors. Henry Helgeson, CEO of Cayan weighed in: “As if EMV speed issues weren’t already a challenge for retailers, now they face the additional concerns brought up by NCR’s report and the assumptions it makes. In reality, it’s not quite as sensational as depicted. What’s really going on here is that many issuing banks are still working through their fraud algorithms. Essentially, when the EMV flag is missing on a card, the issuing bank should be able see that the track data was incorrect and decline the transaction. When this doesn’t happen, there is a risk of merchants getting chargebacks resulting in this type of fraud. Encryption is important, yes, but what’s more pressing is for the issuers to update their fraud algorithms so that merchants aren’t the ones paying the price.”
So, almost a year after introduction in the United States, and ten years after the introduction of chip and pin in Europe and Canada, progress comes at a modest pace – with one step backwards for every two steps forward. Will it be enough to stay ahead of the hackers? That battle is likely to continue for the foreseeable future and merchants should be diligent in applying state of the art technology for the safety of their own businesses and for the security of the cardholder’s information.