Cashless commerce in the United States is increasingly becoming the norm. In a survey conducted by the American Consumer Credit Counseling, 80% of respondents indicated that they use debit cards for their everyday purchases, with 100% of respondents in the 18- to 24-years age range indicating that they no longer use cash at all. As a result, criminals are also keeping in step by targeting debit and credit cards.
As a response to this threat, leading financial institutions have developed initiatives and global standards for debit and credit card security. One of these is EMV.
What is EMV?
EMV simply stands for Europay, Mastercard, and Visa. But, aside from acknowledging the three leading financial organizations behind it, EMV also refers to the global standard for securing and authenticating card transactions.
In a nutshell, EMV uses chip technology to encrypt personal and banking information during a transaction. The chips in EMV-enabled cards act as miniature computers that encrypt banking data by generating transaction codes that can only be read by EMV-enabled terminals. These codes are unique for every transaction, making it more difficult for criminals to compromise personal data. EMV adds another layer of security, making transactions more secure compared to traditional magnetic stripe (magstripe) cards.
The EMV standard encourages every financial institution issuing debit or credit cards to replace all cards with smart cards (or cards enabled with chip technology). It also encourages merchants and retailers processing card transactions to update their point of sales (POS) terminals with EMV-enabled systems.
EMV Verification Methods
Aside from encryption, EMV also employs an additional verification process to authenticate the cardholder’s identity and to further secure the card transaction. This verification process can be conducted in two ways:
1.) Chip and PIN. After the EMV-enabled terminal processes transactions, cardholders are required to enter four- to six-digit personal identification numbers (PINs) to confirm their identities and finalize their transactions. The PINs entered must match the codes stored on the chips, making it more difficult for criminals to replicate the cards. This method is the more common verification method in the United Kingdom, Europe, Australia, New Zealand, and India.
2.) Chip and Signature. Similarly, after the EMV-enabled terminal processes transactions, cardholders are required to verify their identities. However, instead of entering PINs, cardholders use their signatures. The signatures are then reviewed by financial institutions issuing the cards. While this method cannot immediately prevent fraudulent transactions, many consumers, particularly in the United States, find this much faster than entering PINs. It also does not require a steep learning curve from consumers because the signature verification methods are also used with traditional magstripe cards. The Chip and Signature method is more common in the United States, South America, and Asian countries.
Benefits of EMV Compliance for Merchants and Retailers
While EMV compliance is encouraged by global card standards, it is not required by any law in the United States. This means that merchants and retailers are not required to update their POS terminals. However, the implementation of EMV standards led to a Liability Shift which transferred the financial risks of card fraud from financial institutions to merchants and retailers.
Prior to October 2015, fraudulent charges were shouldered by banks and financial institutions. Whether a card was chip-enabled or not, banks and financial institutions were financially liable for the transaction. From October 2015 onwards, the Liability Shift went into effect, wherein merchants and retailers are now liable for the charges made through cards with fraudulent chips if they did not use an EMV-enabled POS terminal to verify the cards’ authenticity. In other words, if the merchants continue to use the cards’ magstripes instead of the chip to process the transaction, they will be liable in case of fraud.
Aside from protecting themselves from liability, merchants and retailers can also gain two other key business benefits:
Fraud reduction. Using EMV-enabled terminals not only protects merchants from the effects of fraud — it also protects them from fraud itself. USA Today reported that five of the 25 merchants which were prone to counterfeit fraud observed an 18.3% reduction in infractions when they implemented EMV technology. On the other hand, five merchants suffered a 11.4% increase in fraudulent transactions because they have no EMV systems in place.
Market readiness. Customers with EMV cards prefer to buy from stores equipped with EMV-ready systems that can process their cards. While adoption and usage of EMV in the United States was slow in 2016, EMV usage is expected to grow significantly in 2017. After all, almost every card in the United States is being replaced by its issuing bank with a chip-enabled one. EMV compliance prepares merchants and retailers for a growing number of customers using EMV-enabled cards.
Challenges for EMV Adoption
Despite the benefits of EMV compliance, merchants and retailers face significant implementation challenges for EMV: longer transaction processing time and higher costs.
Longer transaction processing time. Transactions using EMV-enabled cards take longer to process because of the added layer of security. While EMV-ready systems require customers to wait only a few more seconds longer for their cards to be read and authenticated, the additional waiting time is noticeable, especially for mega-retailers with long queues like Walmart. Despite the advantages of its added security feature, millennials loathe using EMV-enabled cards because of longer transaction times.
Higher costs. Cost remains to be the biggest obstacle to EMV adoption. Aside from investing in EMV-enabled hardware such as POS terminals, registers, self-service kiosks, and ATMs, merchants and retailers also need to invest time and resources in staff training and maintenance. Gas stations, for instance, will need spend roughly $3.9 billion to upgrade the POS terminals in their gas pumps in order to enable EMV transactions. Because of this, Visa and Mastercard postponed the EMV implementation deadline for gas stations to October 2020.
Despite these challenges, financial institutions and merchants believe that the benefits outweigh the costs. For one, EMV is expected to significantly reduce losses from card fraud and identity theft. While an investment of $8 to $12 billion for EMV-related technologies can be daunting for merchants in the United States, an annual savings of $16 billion from curbing fraud losses await them.
Take Card Security and Compliance to the Next Level
EMV technology protects merchants and retailers from fraud at the transaction level. However, it does not help prevent hackers from stealing customers’ personal information and banking data at rest. Furthermore, Payment Card Industry Data Security Standards (PCI DSS) require merchants and retailers that accept card transactions to place safeguards to protect their customers’ data whether in transit or at rest in their databases. Non-compliance with the PCI DSS will lead to significant fines amounting up to $500,000 per violation.
Liaison’s tokenization solution enables merchants and retailers to replace sensitive card data such as personally identifiable information (PII) with surrogate data or tokens. Instead of using cardholder data to process transactions and storing the data in repositories, merchants can use and store randomly generated tokens. This not only secures cardholders’ data from transaction to storage, it also narrows the scope of merchants’ systems, applications, and processes that need to be audited for compliance with PCI DSS.
Delivered using the ALLOY™ Platform, Liaison’s tokenization solution stores sensitive data in its encrypted cloud. It also manages the competing objectives of access and security by substituting sensitive data throughout enterprise systems with format-preserving tokens. This enables merchants and retailers to avoid the need for back-end system modifications and allows operations to continue as usual. Contact our data experts to learn more about this solution.