Rome wasn’t built in a day, and EMV won’t be fully implemented in the United States for some time to come, but at least some foreign observers who have experienced nationwide deployment of the Europay-MasterCard-Visa chip card standard are starting to show impatience with EMV’s sluggish U.S. progress.
Fearing a wave of fraud as international criminals turn their attention the U.S., Auriemma Consulting Group this week issued guidelines urging U.S. payments players to speed up development of EMV, which is seen as more secure than magnetic-stripe cards. The document includes five lessons learned in the U.K., which adopted EMV late in the last decade, giving as one of them that “there needs to be a greater sense of urgency.”
Indeed, the lessons are intended to be “more of a hot poker” to goad U.S. payments executives, says Stuart Sykes, London-based director of operations for Europe, the Middle East, and Africa for New York City-based Auriemma Consulting.
“The [EMV Migration Forum] must move quickly to develop a migration plan or the U.S. will risk being left lagging behind other first-world countries and potentially becoming a hot-bed for fraud activity across the rest of the world,” the document says. “U.S. cardholders will have increased difficulty using their cards overseas. Above all, issuers and acquirers need to act now since EMV migration is a complex, lengthy process involving several key strategic decisions which need to be addressed as early as possible in order to meet the networks\’ liability-shift deadlines.”
Sykes adds that the longer the U.S. takes to implement EMV, the more fraud other regions of the world that have adopted the standard will have to bear. “Most of our foreign fraud happens in the U.S.,” he says. “Fraudsters are sending [stolen] cards to pals in New York because they know it’s not chip-and-PIN.”
The EMV Migration Forum (EMF) is a cross-industry payments group operating under the auspices of the Princeton Junction, N.J.-based Smart Card Alliance trade group to smooth the U.S. transition to EMV chip card acceptance and processing. The major card networks have set October 2015 as the deadline for moving liability for counterfeit card fraud on most U.S. transactions from issuers to merchants if the merchants are unprepared to handle EMV payments.
Despite the group’s efforts, movement toward EMV in the U.S. has been bogged down in issues including the cost of chip cards and terminals, merchant reluctance, and industry uncertainty over whether cards will process with signatures or PINs. Another hurdle, which is unique to the U.S. market, is a requirement of the Dodd-Frank Act’s Durbin Amendment that merchants have a choice of networks in processing debit transactions. The EMV specification is not designed to accommodate such choice, but sub-groups within the EMF have been hammering out proposed solutions, the latest of which was presented on Tuesday.
Sykes tells Digital Transactions News that a Durbin fix must be put in place soon. “You’ve got to get around it somehow,” he says, to keep EMV moving.
While some might argue the U.S., with its multitude of financial institutions, is a special case, Sykes points to the example of Italy. “In Italy, there are more banks per capita than anywhere in the world, and what they said was, ‘We’ve got to work together.’”
A former banker in the U.K. and executive with First Data Corp., Sykes says he is dumbfounded that U.S. payments executives seem split over whether to use chip-and-PIN or chip-and-signature. While executives with many big-box merchants have argued for PINs, Visa and some major banks have favored either signature authentication or both signatures and PINs, arguing that signatures are more familiar to U.S. cardholders.
Sykes leaves no doubt where he stands. “This [split] is hugely surprising,” says Sykes. “I have yet to hear a convincing argument why the market would go to chip-and-signature.” Calling chip-and-signature “a bag of snakes,” he argues only chip-and-PIN offers the security of two-factor authentication (the card and the PIN), since signatures are easily faked.
Calling on the U.K. experience, the Auriemma document also recommends among other things that U.S. payments players develop a comprehensive plan for consumer education and enact it early on. It also urges that issuers and merchants adopt a 3-D Secure authentication program to protect against the expected movement of point-of-sale fraud to the online channel. 3-D Secure technology allows e-commerce shoppers to identify themselves with a personal code when buying from a Web site.