In the four years since Visa Inc. announced the EMV liability shift would be Oct. 1, 2015, merchants, issuers, processors, and other parties have expended huge efforts to prepare for this day. But the real work—converting millions more merchants, issuing millions more chip cards, and educating merchants and consumers—is in the offing.
Starting Oct. 1, the liability for counterfeit point-of-sale transactions made with credit or debit cards shifts to the party not equipped to accept EMV transactions.
As of Sept. 15, Visa Inc. says U.S. issuers have distributed 151.8 million Visa-branded chip cards, and more than 314,000 merchant locations have chip-enabled POS terminals out of an estimated 8 million POS terminals. A merchant location is a store that has one or more terminals. A chain would have multiple merchant locations, Visa says.
“Oct. 1 is a beginning and the end is a ways off,” says Thad Peterson, senior analyst at Boston-based Aite Group LLC. “The adoption process will depend on merchant size, potential economic impact of fraud by business category, and other business priorities, like making sure that throughput doesn’t slow down over the critical holiday season.”
A full migration will take between five and seven years, says Sherif Samy, commercial director at UL LLC, a Northbrook, Ill.-based transactions security testing provider. “Mirgrating the U.S., because of the complexity of the players, the complexity of the payments ecosystem, should not be underestimated,” Samy says. “It's like migrating Europe twice.”
While big-box retailers like Target Corp., Walgreen Co., and Wal-Mart Stores Inc. have prepped by installing EMV-capable POS terminals, smaller ones have lagged, says Michael Moeser, director of the payments practice, retail and small business, at Javelin Strategy & Research, a Pleasanton, Calif.-based payments consultancy. “We expect merchants to pick up the pace on EMV terminal upgrades, especially since more and more consumers will be receiving new chip cards,” Moeser tells Digital Transactions News via email. Javelin forecasts that 33% of all credit cards will have chips by the end of 2015, reaching 43% in 2016 and 56% in 2017.
Most of these cards are of the contact variety. More than 95% of the cards delivered by Oberthur Technologies’ North America division have been the contact version, which requires that the card be dipped into the POS terminal and left there until authorization is received, Martin Ferenczi, Oberthur president for North America, tells Digital Transactions News.
Many consumers, unaccustomed with how EMV transactions work, may yearn for the speediness of a swipe, says Moeser. Contactless payments, such as those made with Apple Pay, Android Pay, or Samsung Pay, can also be much faster than an EMV transaction, which Moeser says can take from 5 seconds to 10 seconds. Consumers might want credit and debit cards with a contact chip and a radio antenna, dubbed dual-interface cards.
Currently, about 40% of the chip cards outside of the United States are dual interface, Ferenczi says. “This will be the next phase of the U.S. migration,” he says. “With the deployment of mobile payments and more merchants allowing for mobile payments with phones, we will see an acceleration in the deployment of dual-interface cards.”
While acknowledging that contactless payments have increased in the United Kingdom and Europe, which adopted EMV transactions many years ago, “it’s unclear to me whether dual interface will move quickly here or if mobile wallets will be the U.S. equivalent,” Aite’s Peterson says. “I suspect the latter.”
As for the expected rise in card-not-present fraud as EMV transactions become more commonplace, and criminals find it harder to conduct fraudulent transactions at the point of sale, one countermeasure might be payment cards that have revolving card-verification codes, such as Oberthur’s Motion Code technology.
Motion Code incorporates a dynamic card-verification value (CVV)—on the front or back of the card—that changes every 40 to 60 minutes. In tests now with five issuers, including one in North America, the technology attempts to stymie online fraud with the changing code, Ferenczi says. The issuer, because it uses software supplied by Oberthur to know what the code should be, can deny a transaction if a criminal attempts to make an e-commerce purchase with an outdated code.
Regardless of the technology, educating merchants and consumers will be an ongoing exercise. Issuers and card brands have developed Web sites and marketing materials for both audiences. But the real lessons will come at the point of sale.
“My big concern is that consumers will need to be educated on how to conduct EMV transactions,” Moeser says, “or else we could see some very long checkout lines and frustrated shoppers in the upcoming holiday season.”