The global chip card standard known as EMV became a reality for U.S merchants, acquirers, and issuers in October 2015. That’s when the liability for counterfeit card transactions at the point of sale shifted, by network rules, from issuers to merchants if the merchants weren’t prepared to accept EMV cards. So here we are, more than a year and a half later—time enough to start making a fair assessment of just how this transition has proceeded.
Many observers, including most merchants and probably a fair number of people in the acquiring chain, could be forgiven for concluding the shift to EMV in this country has been nothing short of shambolic. Consider the evidence:
– A sudden avalanche of chargebacks hitting shocked merchants;
– Rising card-not-present fraud;
– Bitter controversies between merchants and the networks over PIN-debit transaction routing
This bill of particulars doesn’t even include several other inconveniences, such as consumer complaints about pokey transactions, a slowdown in terminal sales after an initial boom, and a three-year delay in the liability shift for fuel-pump EMV.
The first issue, while maddening because it affects consumers, is getting solved, mainly with software that skips authentication routines that aren’t necessary in the U.S. market. The second issue affects mainly terminal makers and will no doubt iron out over time. The third problem, though, could blow up into a major issue if fraudsters decide to target fuel pumps.
The three bulleted issues above, however, are substantive problems that are likely to have long-term implications. The first and third issues have already resulted in complex litigation that could take years to wend its way through the courts, creating uncertainty and piling up legal costs.
The second issue, concerning e-commerce fraud, has plagued virtually every country that has adopted EMV, and so is not unique to the U.S. experience. But it’s a huge problem nonetheless, if only because fraudsters’ field day online offsets a portion of the fraud savings EMV was meant to generate in brick-and-mortar stores. A new protocol for online security, 3-D Secure 2.0, may make a difference, but only if enough e-commerce merchants adopt it.
Did it have to be this way? Was EMV simply imposed by a cabal of imperious payment networks with little or no regard for the possible consequences? Has the cure for fraud been worse than the disease?
As editor of this humble magazine, I’ve heard these questions and more on the phone and in person over the past 18-plus months since EMV started to roll out in earnest. I don’t have an easy answer. Do the people who planned this whole enterprise have one?