Bank of America Corp. last month began issuing debit cards that adhere to the Europay-MasterCard-Visa (EMV) chip card standard, thus becoming the first mega-bank to begin a wide-scale EMV conversion. Cards for existing customers will be issued as old cards expire or are replaced for other reasons.
The U.S. payment card industry is moving away from the magnetic-stripe card to one that employs a chip that adheres to the EMV standard. The major payment networks have set a so-called liability shift for October 2015 in which the party in a card transaction that cannot support EMV payments—issuer or mechant—will be responsible for any resulting counterfeit card fraud. Fuel-pump operators have two years beyond that to convert.
A spokeswoman for Charlotte, N.C.-based BofA says the bank plans to have the majority of its cards converted by late next year. She would not say how many debit cards the bank has outstanding.
The relatively early conversion is important not only because of the size of Bank of America’s debit card portfolio—$69.5 billion in debit purchase volume in the second quarter—but also because the PIN-debit side of the EMV equation was a debatable proposition until earlier this year.
EMV transactions use so-called common application identifiers to indicate how they should be processed. The common AIDs enable PIN-debit transactions originating on EMV chip cards to meet the routing requirements of the Dodd-Frank Act’s Durbin Amendment. Under Durbin, a debit card must present the accepting merchant with a choice of at least two unaffiliated networks for transaction routing. Such operations are relatively simple with mag-stripe cards but much harder with EMV cards. Visa, MasterCard, and other international networks own the EMV technology, and, operationally, EMV chips weren’t designed to support multiple networks.
The BofA spokeswoman says the bank is “using the accepted industry standard that has been agreed to and certified by all of the networks.”
The bank’s timing makes sense, says David Whitelaw, a director at Edgar Dunn & Co., a San Francisco-based consulting firm. Enough time has passed since the debit issue was resolved, he says.
EMV has garnered much attention in the wake of numerous point-of-sale data breaches, which may have influenced BofA’s decision, suggests Beth Robertson, principal at Robertson Payment Services LLC, an advisory firm based near Baltimore.
“Even though the chip rollout is targeted toward new or reissued BofA debit cards, a breach could affect a significant number of cards being moved to chip,” Robertson says. “And I do think the regularity and scope of recent breaches has more merchants demanding that chip cards be put in play. Likewise, it appears that an increasing number of merchants are getting the requisite readers in place.”
BofA says it has been adding chips to its commercial cards and consumer credit cards since 2012.
“The key cardholder populations that first needed chip were international travelers,” Robertson says. “Otherwise, those cardholders faced potential transaction declines and the issuers faced resulting user dissatisfaction.
“But now that most of those portfolios have issued chip or made chip available, issuers will need to turn to domestic transactions and their cardholder populations,” she continues. “It is notable that we are moving to domestic transactions on the scale of BofA’s debit cardholder population, as this is a substantial base of cardholders and must have been deemed more subject to potential fraud than some of the bank’s other cardholder groups.”
Whitelaw’s colleague, Jane Cloninger, a director at Edgar Dunn, says BofA’s action should spur other issuers to reconsider their own EMV rollouts.
“Fraud will begin to migrate to those issuers who are the weakest link,” Cloninger says. “In other markets, we have seen fraud increase dramatically at financial institutions [that] lagged the market.”
—Kevin Woodward