At Finsphere, beginning back in mid 2014, we started to blog about the transition to EMV (for Europay, MasterCard, Visa, or “chip and pin”) from the perspective of our expertise in “mobile as identity.”
We have demonstrated that the relative proximity of consumers’ smart mobile devices to their uses of debit or credit cards is a powerful way to authenticate identity – so much so that jointly with Visa, we developed a solution which Visa named Mobile Location Confirmation (MLC). Visa has commercially launched MLC so banks can utilize it as a way to cut down on the unnecessary declines (known as false positives) in valid cardholder transactions, whether consumers are traveling or close to home.
Meantime, adoption of EMV is now not that far off, so we thought we’d take another look at how the transition is going.
All indications are that the transition to EMV and distribution of new cards to cardholders is well under way at banks and other card-issuing financial institutions. Card-issuing institutions do have a strong incentive to distribute the new EMV cards to replace older ones with magnetic strips; existing cards with magnetic strips have been proven vulnerable to fraudulent use.
Additionally, banks have had financial responsibility for fraudulent card usage ever since magnetic-strip cards were introduced decades ago. For banks, the real incentive to distribute new cards is to meet an imposing October 1, 2015 deadline, after which financial liability for fraudulent card usage could shift in a big way to retailers who accept the new cards for payments without having installed up to date card scanners, readers or terminals.
As a report on EMV in Payments Source explained: “After the liability shift, if a merchant is still using (magnetic strip) methodology and the customer has a smartcard, the merchant is liable. If the merchant has the new Chip and PIN technology but the bank hasn’t issued the customer a Chip and PIN card, the bank is liable. If the merchant uses Chip and PIN technology on a customer’s smartcard and fraud still takes place, the credit card company bears the liability, as is the case today.”
Knowledgeable industry observers say the largest retailers have invested in new card readers and are ready for the October 2015 deadline for EMV. However, these same observers say the transition to new card readers is far less widespread at smaller retailers primarily due to cost concerns, even with the deadline a little more than four months away. Intuit recently released the results of a survey among small businesses that had four key takeaways:
- Awareness of the October 2015 deadline for EMV adoption is low and the majority of small business owners surveyed have not yet committed to migrating to EMV-compatible systems.
- Education should be the top priority for all small businesses, regardless of their current intent to migrate to an EMV-compatible solution (because) few owners understand the implications, including the financial and legal liabilities.
- Among those small businesses that are still undecided, alleviating their concerns over the cost of the card-reading equipment changeover will have the greatest impact in increasing the likelihood for participation in the EMV migration.
- The biggest challenge for adoption of EMV will be among the smallest businesses (those with 1-5 employees) that have the lowest awareness and highest budget concerns.
It’s unfortunate that many small businesses still don’t recognize that, for them, the new liability for fraud could far outweigh an investment in new readers.
Putting the transition aside, we at Finsphere are waiting to see what happens when EMV is more widely implemented and how cardholders react to what probably will be longer transaction times. Initially, at least, the customer checkout experience will suffer, we believe, because cardholders will have to take the extra step of either entering a pin code or signing a receipt to complete the two-factor authentication called for in EMV.
We’ll continue to share more thoughts on EMV and potential ways mobile devices can be used as part of EMV authentication/validation without having to use pin or signature going forward.