Skip to main content
EMV
Inside WEX

US EMV Five Months Later

March 11, 2016

Following the liability shift from processors to merchants and banks on October 1, 2015, many of the processors noted it a ‘watershed’ year for the cards and terminals.

However, in terms of merchant adoption, there is still work to be done. According to Krebs on Security, U.S. consumers currently can expect to find chip cards accepted in checkout lines at fewer than one in five brick-and-mortar merchants. This even as merchants take increased responsibility for card present fraud.

A Brief Rewind: EMV Background

An example: In 2014, the United States was home to 48.2 percent ($7.86 billion) of global card fraud losses, but only 21.4 percent of total spending volume. Comparatively, European countries saw as much as a 70% drop in card-present counterfeit fraud after chip card adoption.

To combat fraud at point of sale terminals, major processors announced an October 1, 2015 deadline for merchants and banks, transferring liability to one on those two parties based on a wide variety of factors. For more information on that deadline, see our blog on the background, liabilities, and verification methods that we released prior to the liability shift.

Five Months Later: Questions to Consider

The entire shift to chip cards marked a step toward major change in the way Americans purchased items in stores, but looking at current adoption and opinion, a few questions arise.

What’s Holding Merchants Back from Implementing Terminals?

Payments Views author Allen Weinberg noted this as one of two key questions about the current state of US EMV adoption, reasoning that the lower adoption rates stems from the long shelf lives of terminals and the lack of necessity at smaller merchants who are highly unlikely to ever see a counterfeit card.

This in addition to the fact that many smaller, lower risk retailers are still weighing the economic impact of investing in the terminals. However, SMBs in higher risk categories, such as electronics and jewelry retailers, should now be highly motivated, says National Federal Federation VP of Government Affairs Craig Shearman in an interview with SC Magazine.

Even with the ISOs and acquirers lobbying merchants for adoption, this is still new to the smaller merchants who didn’t read into the shift until they received their new cards in September.

For Merchants with Chip Terminals, Why Aren’t the Terminals Enabled for Chips?

This is a much more interesting question, according to Weinberg, who shares his ideas on why retailers who have purchased and installed chip-ready terminals have not begun to use them:

  • Do Not Want to Be Customer’s First Experience with Dipping Card: Especially during the hectic holiday season, many retailers just didn’t want to have to train and educate customers on how to use the terminals.
  • Time Consuming Effort: The training to employees and updates to POS systems that need to be completed could take years. For debit cards, this process is even more complex.
  • Certification Process: Even if everything was ready in time, the retailers faces many challenges receiving approval by acquirers.
  • Tipping: The restaurant industry has had its own concerns with the processing of chip cards, even as many of them have updated their terminals, due to the tipping process. Even when the process and software is updated, restaurants still face the long approval process.

The Strawhecker Group, payment industry consultant, released a recent survey confirming Weinberg’s rationale, identifying the three biggest impediments to EMV as payment processor readiness, gateway readiness (aka lack of middle-man acting as a conduit between the merchant and acquirer), and technical staff resource availability.

Looking Forward

In the aftermath of the liability shift, The Strawhecker Group currently estimates 37% of merchants are already EMV-ready, and predicts that by June 2016, consumers will be able to use chip cards at 50 percent of U.S. merchant locations, not reaching the 90% threshold until sometime in 2017.

How Will PCI DSS 3.2 Affect Merchants and Customers?

Rather than its update in Fall, the Payment Card Industry Data Security Standard (PCI DSS) update from 3.1 to 3.2 will occur in the first half of 2016 due to the rise of mobile payments and EMV, as noted in a Q&A with PCI Security Standards Council Chief Technology Officer Troy Leach.

As EMV provides an additional level of authentication at POS, it also provides more information for hackers to access, meaning PCI Standards come in to add protections for the point of sale device itself and provide layers of additional security controls for businesses to use throughout the transaction process and across payment channels to keep card data safe.

Learn how the two security standards work together in this fact sheet by PCI Security Standards Council, and this infographic.

Could Slow Adoption of EMV Lead to Increased Use of Mobile NFC?

If you’re a merchant accepting chip cards, or a consumer using one, you’ll notice that the process takes much longer than traditional magnetic stripe payments. Of course, while this to provide enhanced security, this may turn into an inconvenience for customers at quick serve restaurants or holiday shoppers.

QSR Magazine predicts this could lead to an increase in mobile payments:

“Industry leaders predict that this lag will help accelerate the adoption of mobile payments like Apple Pay, Android Pay, and Samsung Pay. Mobile NFC (near field communication) payments are leagues faster than chip cards; they’re processed pretty much instantaneously. And with several layers of dynamic encryption, they’re arguably even more secure than chip cards. In addition to employing a technology called tokenization, which scrambles the bank details each time a customer pays, mobile payments like Apple Pay are locked down with fingerprint ID. So even if you were to lose your phone, you’re safe.”

Will There Be an Increase in Card-Not-Present Fraud?

When the United Kingdom made the shift to EMV, customers found an increase in online fraud. This is a concern for many forms of protection need to be in place, according to an article in Lehigh Valley Business:

  • Security Beyond HTTPS: “Hackers have figured out how to crack security certificates,” said Tom Tesmer, chief operating officer of JetPay Payment Services, referencing PCI compliance as another layer of ongoing security efforts to prevent online credit card theft.
  • Fraud Pattern Recognition: “There are software services to subscribe to that look for fraud patterns at checkout,” said Randy Vanderhoof, Executive Director of the Smart Card Alliance. “One example is that the person who has a card lives in Pennsylvania, but the IP [Internet protocol] address is showing that the transaction is from an eastern European country.”
  • Tokenization and Cryptography: Tokenization is a way to more securely send sensitive data, and is enabled by the creation of a unique code through cryptography.
  • Transaction Timing, Geolocation, and Fraud Scoring: Using predictive patterns can minimize the opportunity for tracking and stopping fraud, with the system automatically flagging and declining transactions that are not feasible based on location and timing of transactions, or based on common customer actions.

Further Forward: October 2017’s Automated Fuel Dispenser Shift

The liability shift for automated fuel dispensers is not occurring until October 2017, due to cost and complexities to two major parties: merchants paying an estimated $6,000-$10,000 per pump and fleets that use closed loop cards with alternative security measures in place to reduce fraud.

Consumers need to remain vigilant while pumping gas, checking for broken seals/cracked dispensers, as the chip cards only protect them when the chip is being engaged.

Stay Up to Date in the Payments Industry

WEX is your source for all the latest in the payments industry—whether that’s consumer or business focused—as we cover everything from mobile payments to procurement, ecommerce to enterprise software.

Follow @WEXIncNews on Twitter, and join the conversation on LinkedIn.

Stay connected

Subscribe to our Inside WEX blog and follow us on social media for the insider view on everything WEX, from payments innovation to what it means to be a WEXer.

"*" indicates required fields

Find out how WEX can help grow your business