It is not the purpose of this column, this month, to draw up a bill of indictment against the Europay-MasterCard-Visa (EMV) specification for chip cards. After all, EMV has acquired an air of inevitability in the United States now that the four principal card networks have issued deadlines for processor compliance and liability shifts for non-complying merchants. And the standard has proven effective against counterfeit fraud in the regions where it has been deployed.
But the problems with EMV, as it encounters the U.S. payments market, keep mounting. We documented one of them in the cover story in our March issue (“Durbinizing EMV”). This problem, which has roiled the nation’s debit networks and remains unresolved, turns out to be yet another unintended consequence of the celebrated Durbin Amendment.
In this issue our Security Notes columnist, Gideon Samid, takes a swing at EMV. His beef? The U.S., long a holdout against EMV, has waited too long. The technology is old hat by now, having emerged in the mid-’90s, and ought to be superseded by mobile systems. And in our Trends & Tactics section, we report on a panel of major retail executives who denounced EMV at a recent trade show. Their beef? EMV costs too much for the anti-fraud benefits it delivers, especially for merchants, like fast-food outlets and petroleum stations, that do business with a high percentage of PIN-protected debit.
Then there are some, like ATM deployers, who take issue with those EMV timetables from the card networks, arguing the deadlines are too aggressive.
We do not pretend to the expertise needed to separate the legitimate concerns from the mere carping. And, as we noted, little of this is likely to slow the progress of the EMV engine in this country. That train has left the station. But one point made by the retail executives on that panel stays with us, and, it seems, doesn’t receive enough attention.
It’s that EMV’s very effectiveness against point-of-sale card fraud merely drives criminals to ply their craft online. Indeed, in region after region where EMV has been deployed, online fraud rates have risen—more than doubling in the United Kingdom, for example, as a fraction of all card fraud between 2004 and 2010.
This column has advocated PINs for online transactions before, if not always the specific technologies advanced to make that happen. So far, though, progress here has come in fits and starts. Now, with full-scale U.S. EMV implementation already under way, it may be time for online sellers of all sizes to revisit the PIN question. Their time, after all, is running short.
John Stewart, Editor
john@digitaltransactions.net