Back in 1993 I had the opportunity to help in forming the working group who developed and ultimately published the EMV Smart Card Specifications for Credit and Debit Cards. Since then, as a member of the Europay and Visa Canada executive teams I promoted the virtues of smart cards and the business case for EMV.
As a consultant, one of the focuses of my practice is EMV. In both Europe and Canada I counseled executives on the what, how, when, business value and future opportunities of EMV, smartcards. mobile payments and internet payments
One question has always been asked of this American - “when will the USA migrate”. Up until recently I was stuck, giving bland answers. I suggested that we would have to wait until after fraud migrated to the USA, away from EMV protected countries. I tried to explain to people, committing comparable sums of money, that the size of the investment required of US Issuers, Acquirers and Merchants is enormous and frankly cannot be justified.
Why they ask, simple economics I answered. I explained that when one looks at the quality of the fraud management systems in place, the level of on-line authorization and the losses incurred; it simply does not make sense.
Debit is the real reason to Migrate to EMV
In 2007 I was working with “The Exchange”, a Canadian network that supports sharing of ATM services such as deposit, bill pay and account to account transfers. The focus of my work was to help them to understand the implications of EMV and to work with them to develop their go forward strategy.
Part of the research led me to talk with the Fiserv, the Brand owner and their strategic partner. While discussing what the Canadian entity needed to do with the America responsible for the USA Exchange and Accel network; the conversation drifted to when will the USA move to EMV.
What sat front and center inour discussion is the American banks that issue PIN Based Debit Cards have a much stronger rational to migrate to EMV than the credit card and signature based Debit issuers. In the PIN Based Debit arena the “reputational risk” has and will continue to be the real justificationfor the migrate from magnetic stripe to Chip and PIN.
Why you may ask. My answer is simple. The cost to a criminal to install a fascia and PIN hole camera on an ATM, capture the magnetic stripe and PIN; offers these international criminals a very rewarding business case. They are also funding aggressive operations that embed people into factories that produce magnetic stripe and PIN Pads with the imbedded capability of capturing and transmitting the magnetic stripe and associated PIN to the Mafia
Reputational Risk is the catalyst
So how does this affect “Reputational Risk”?
1. When the criminal perpetrates debit card fraud, they focus the attack at ATMs the cardholder would probably visit. The Issuers’ fraud management systems are finding it hard to differentiate between a valid transaction and a fraudulent transaction, so out pops the cash, 100% fungible no need to fence the goods and cheaper and more profitable than robbing the bank
2. Weeks later the cardholder notices that there is not as much money in their checking account as they expect and they call the Bank’s call center. The argument follows - But only people who know your PIN can withdraw funds from your account, who did you tell your PIN to, your ex, your children …
3. Eventually after a lot of time explaining, crying, shouting and generally getting on each other’s nerves; the Bank’s customer service agent will final accept that the cardholder did everything to protect the PIN and card; so the bank will reluctantly restore the funds to the cardholders account.
4. Bottom line the cardholder feels that the bank does not care; their systems are not safe and the cardholder is now afraid to use their debit card. The Bank and its ATM network are now at “Risk”.
No one should be surprised at this form of attack. I knew and teh media presented the realtities of such attacks back in 1994. As the size cost of the equipment shrinks and the capabilities of technology expands the incidence simply increase and proportional to the rewards.
To put a point on my analysis; when most countries decide to migrate to EMV it is not the Credit side of the cardholder relationship that seals the deal for the CEO and senior executives. It is the Debit side that pushes the bankers to say yes we must migrate to EMV. MasterCard and Visa, who participant in both credit and debit, want the publicity. Whereas the debit networks would prefer to not talk about the problem. End result we are left thinking credit cards drive the migration to EMV. Compounded by the reality that for credit cards in the USA, there is simply not a business case.
For the US banks to come together to decide that EMV is the right thing to do; there must be a place where the Issuers and Acquirers can come to terms with the cost and agree on an equitable way to fund the investment required. For the debit card side of the Banks there is not an obvious place to have this discussion. Most PIN Debit networks are either regional or owned by publicly traded organizations. There does not appear to be a common forum capable of bringing the executives together to agree and commit.
Migration to EMV is expensive – YET really it is not
Everyone talks about how expensive it would be for America to migrate to EMV.
Yes if we are to approach the migration with the Big Bang theory it will be ridiculously expensive. Instead what the powers that be should agree is that all cards and terminals will be EMV by say 2019, ten years.
Let’s acknowledge that most of the major acquirers and processors have already implemented EMV on their international platforms; so the implications are understood and if they where intelligent when upgrading for Canada, England, Europe, Latin America, Middle East and Asia, they should have considerted how to cost effective assure the inclusion of EMV on their American platforms, someday.
So now they simply have to add it to the list of requirements that will be included in one of the yearly upgrades, or, as part of their technology replacement plans. Remember we are saying EMV in 10 years.
Ten years is a long time when we think about technology. Therefore they have no justification to argue it is punitive to force them to implement EMV.
On the terminal side we must remember that for the merchant there are only intangible benefits to implementing EMV. Yes, like MasterCard Visa etc, EMV can be positioned as the cost of doing business and included in one of the compliance upgrades.
Or, if we are intelligent, we say to the ATM operators, merchants, ISOs and acquirers, the next time you upgrade your point of sale system - buy an EMV compliant PIN pad and include EMV as one of the requirement for the systems that drives the device and transmits the approval requests and clearing records to the acquirer.
Any ATM/POS supplier who sells outside the USA has EMV devices in their catalogue. All the Value Added Resellers who sell international have support for EMV within their software. NCR, Wincor-Nixdorf, IBM, EFunds, ACI, S1 … all support EMV.
With this plan in place, over time EMV will progressively be enabled at the point of sale. with minimal cost impact. Yes the vendors will have to be told to play nice and not exploit the opportunity. Yes for merchants that attact significant International clientele they should migrate sooner. Yes, locations that are known to be high risk merchants they should be made to implement EMV sooner.
This leaves the Issuer with an easy question to answer, when do I add an EMV chip to my card. Well the answer is easy and it is complex. On the simple side, when they think there are enough terminals to achieve the fraud saving then do it. Or, we can add the contactless and mobile payment dimension and start talking about Combi cards, embedding EMV into the handset, considering Multi-application opportunities. I’ll talk about that another day.
Agree to move and give people enough time so that there is no pain
Bottom line my message to the US market is the question is no longer about who will pay it is simply about how much time should we allow everyone, so that the incremental cost is irrelevant.
This Blog was driven by reading a recent review from CTST
U.S. getting squeezed by EMV Wednesday, May 6, 2009 in News
http://www.contactlessnews.com/2009/05/06/u-s-getting-squeezed-my-emv
With Canada and Mexico both going to EMV and most of the rest of the world doing the same it may be a matter of time before U.S. card issuers are forced to go to chip and PIN. EMV in the U.S. was the topic of a panel at the CTST Conference in New Orleans.
PPSD Features
