By Kate Fitzgerald, Emerging Payments Editor
Many U.S. payment card issuers and merchants are heaving a sigh of relief after upgrading cards and terminals to the EMV chip standard, in accordance with the October 2015 EMV liability shift for card-present, POS transactions. But for millions of others that haven’t completed the migration, there’s still much work to do before the U.S. becomes one of the last of 80 other global markets to fully adopt EMV payment card technology (see “Forecast”).
Crushing POS Fraud
While some segments of the market will lag behind, the majority of cards and terminals are making the switch this year, following extensive preparation. As with all other countries that adopted EMV, the goal is to reduce counterfeit card fraud, which, in recent years, has been the largest category of all POS card fraud in the U.S., according to industry analysis (see fraud loss sidebar).
Experts say it will take time to see the full effect of EMV in suppressing U.S. counterfeit card fraud, but in Canada, losses from counterfeit debit card fraud fell 73 percent between 2009 and 2012 after EMV implementation began in 2008, according to Interac, Canada’s No. 1 debit network. “Each time a country implements EMV, its counterfeit card fraud rates plunge,” says Stephanie Ericksen, Visa’s vice president of risk products. “We expect that will happen in the U.S. when the majority of issuers and retailers are processing EMV transactions,” she predicts.
Competition will be a major factor in driving EMV forward following the liability shift, Ericksen believes. Research suggests that consumers perceive an EMV transaction to be safer, and issuers and merchants will respond to that, she adds. “There’s an ongoing cross-industry effort to educate consumers and businesses about the benefits of EMV through direct communications, online and in social media,” she notes, pointing to the Website GoChipCard.com—launched in the spring of 2015—which promotes EMV (see sidebar tk).
Millions Aren’t Ready
Though issuers and merchants had about three years to prepare for the transition to EMV, that wasn’t long for such a large card market, experts say. The U.S. accounts for about 1.2 billion cards serving around 313 million account holders. The biggest financial institutions and merchants, with larger technology budgets and resources, were ready more than a year in advance. But some issuers with smaller card portfolios, and millions of small and midsize merchants, are still scrambling to get EMVready, for a variety of reasons, including the cost and complexity of upgrading.
It’s not surprising many payment industry participants are still not EMV-compliant, notes Carolyn Balfany, group head, U.S. product delivery for MasterCard. “The U.S. payments market is especially huge and diverse, and not everyone is moving at the same pace,” she explains. For consumers, this means that for the next several months they’ll see “a mix” of payment terminals with chip and mag stripe acceptance, according to Balfany. “Based on how EMV migration went in other countries, consumers will catch on quickly and get used to a new routine, following payment terminal prompts indicating whether to ‘dip’ [insert the chip] or swipe their card,” she forecasts.
The mag stripe isn’t going away; it will remain indefinitely as part of network branded cards as a backup method for processing transactions. And experts say it may take months or years before the U.S. is fully converted to EMV, as industry participants balance the cost of upgrading versus the risk of fraud exposure.
Will Fraud Migrate, Too?
For merchants that haven’t yet upgraded to EMV, the effects likely will vary, experts say. There’s always the possibility that savvy fraudsters may concentrate their counterfeit card fraud efforts on the operations of these unprepared issuers and merchants, driving up their fraud rates. But what usually happens when the majority of merchant locations becomes EMV-compliant is that fraudsters shift their activities because they’re no longer able to conduct counterfeit card fraud on a mass scale, according to Randy Vanderhoof, executive director of the Smart Card Alliance.
Some observers also worry whether introducing EMV at the POS could possibly cause a sharp spike in fraud via other channels, such as criminals using stolen card data for card-not-present (CNP) transactions, an effect seen in Europe during its transition to chip cards in 2004-2005. “We’re likely to see a sharp rise in CNP fraud in the U.S. as well as new card application fraud using stolen identity information,” cautions Julie Conroy, research director at Aite Group. “As the criminals are no longer able to readily purchase stolen card data off the ‘dark Web’ and make counterfeit cards, they will instead use synthetic and stolen identities to acquire their own cards.”
Not all observers expect the U.S. to experience a sudden rise in CNP fraud, however. “It will take some time to see card-present counterfeit card rates come down, so we don’t expect to see fraud shift to CNP channels overnight,” says Vanderhoof. “Retailers increasingly are applying a holistic approach to fraud risk as they expand into omnichannel commerce, and those that do it well will be protected from the expected increase in CNP fraud likely due to the explosive growth of e-commerce itself, not necessarily the POS shift to EMV,” he adds.
The shift to EMV won’t eliminate all card fraud, but it will put a stop to the fastest-growing category, Vanderhoof emphasizes. “EMV eventually will be one of several major planks in our bulwarks against card fraud, including broader use of tokenization,” he adds. “But everything begins with upgrading to EMV, and we’re well on our way there.”