n
The Europay-MasterCard-Visa (EMV) chip card standard will impose extraordinarily large costs on retailers to attack a relatively low fraud rate, while doing nothing to contain e-commerce fraud, a panel of executives with three major merchants said at a trade show this week.
n
In the case of some merchants, a high rate of PIN acceptance is already controlling fraud, the merchants said. “Our actual fraud rate is so small it’s hardly worth mentioning,” said Gavin Waugh, vice president and assistant treasurer at Wendy’s International Inc. “[EMV] doesn’t move the needle that much. Even if we pay the fraud liability, it’s a whole lot cheaper than putting in [EMV] terminals.” The hamburger chain processes 300,000 card transactions daily, Waugh said.
n
Waugh added that chip card acceptance will impose special difficulties for fast-food restaurants, such as equipping drive-throughs to handle the cards. Chip cards must be inserted in a terminal and left there for the duration of the transaction.
n
The merchants, who spoke in San Diego at Payments 2013, a conference sponsored by automated clearing house network regulator NACHA, decried the cost of EMV installations compared to the possible fraud savings. George Odencrantz, vice president of information technology at Sinclair Oil Corp., said that since 80% of Sinclair’s transactions are PIN-based, EMV will not offer significant additional protection against fraud. Meanwhile, Odencrantz estimated deploying EMV at his company’s gas stations will cost $20,000 per location or $40 million for the company in total. “It’s going to take a staggering amount of money,” Waugh noted.
n
Some panelists saw this investment attacking the wrong problem. Rue A. Jenkins, assistant vice president, treasury, at Costco Wholesale Corp., observed he is less concerned about counterfeit card fraud, which EMV addresses, than he is about fraud stemming from increasingly frequent data breaches. “That’s a bigger concern, in my view,” he told the audience. “There’s a huge exposure there” from malware stealing card credentials.
n
Under plans released by the card networks, U.S. merchants have until October 2015 to have their stores equipped to accept EMV chip cards. Petroleum retailers have an additional two years. On those dates, merchants that aren’t equipped for EMV will have to accept liability for counterfeit card fraud, losses issuers absorb now.
n
But, as the merchant panel pointed out, EMV tackles only point-of-sale fraud. In other regions of the world where EMV has been adopted, fraudsters have shifted to e-commerce, driving up online fraud losses, which are absorbed almost entirely by merchants.
n
In the United Kingdom, for example, card-not-present fraud shot up to 62% of all card fraud in 2010 from 30% in 2004, according to statistics presented by processor First Data Corp. during a presentation this week at a separate trade show in Las Vegas. Canada saw online fraud jump from 31% of all card-fraud losses in 2008 to 50% in 2010, according to the presentation, which was given at Cartes America.
n
The prospect for increased card-not-present fraud worried the NACHA panelists. And some pointed to other payment channels that could be vulnerable. “We are very concerned [EMV] solves only a card-present problem,” said Jenkins. “EMV is going to push fraud to areas that aren’t as well protected.” He mentioned ACH and checks as tender types that may also undergo increased attack from fraudsters.
n
Even panelists whose businesses are entirely card-present expressed concern about the problem, pointing to the increasing popularity of online shopping. “We’re going to spend an extraordinary amount of money [on EMV] to protect a card-present environment when the world is going to a card-not-present [environment],” said Waugh.
n
The issue of card-not-present fraud, indeed, could lead Costco to adopt technologies that would allow consumers to use PINs online in place of signature debit, Jenkins told the audience. “We’ve followed [that technology] for several years,” he said. “It’s back on the radar.”
n
Costco in 2007 seemed close to adopting a PIN-debit technology for its e-commerce operation, but ultimately backed away. “:We had several issues with it, and that’s why we didn’t pursue it,” Jenkins said.