Last month, we took a long look at the Europay, Mastercard, and Visa (EMV) standards . By way of reminder, October 2015 is the date by which all restaurants and other merchants are required to have implemented these standards, which primarily reflect a shift from magnetic-stripe credit cards to chip cards or potentially be liable for counterfeit fraud. Considered safer and widely used across Europe and in nations around the world, the chip-based cards require insertion of the card into a terminal for the duration of a transaction, a break here from our traditional swipe-and-buy behavior. That’s just one way in which EMV changes things here—but it’s not the only way, nor is it the most important way.
The main driver in the EMV migration is card-related financial fraud. As an example, and traditionally, card fraud in the United Kingdom has always been considerably higher than here in the U.S., primarily because the U.K. previously used offline card authorization as opposed to the online card methodology used here. As losses due to fraud rose steadily in U.K., despite the best efforts of global law enforcement agencies to reduce it, the pressure to find a solution built around some alternative authentication strategy mounted. From this concern, EMV was born.
Is it working? Recent statistics from the European Central Bank (ECB) revealed that, despite growing card usage, fraud in the Single Euro Payments Area (SEPA) – a mature EMV territory that includes all 28 members of the European Union, Norway, Liechtenstein, Iceland, and Monaco – fell 7.6% between 2007 and 2011. This decline is underpinned by a slowdown in the growth of ATM fraud as well as a 24% drop in fraud carried out at point-of-sale terminals. The 2008 Canadian roll-out of Chip and PIN had a dramatic impact on fraud there. Card skimming had accounted for losses totaling $142 million, but that figure dropped to $38.5 million in 2009, according to figures provided by the Interac Association. Keep in mind that some critics point to the fact that most of this decrease comes in the form of face-to-face card fraud and that criminals merely shift their focus onto some other area that is less anti-fraud focused. Still, there are positive gains and as technologies improve more successes are sure to follow.
So why has the U.S. not embraced EMV sooner? Part of the reason is because our fraud problem, while significant, has typically been among the lowest rates among highly-developed economically-mature countries. Much of that is due to the online authentication methods at work here. In England’s old offline authentication method, credit card transactions were gathered together at specific times – typically, at the end of the business day – and then batched over to the card issuers for authorization. It’s a method that gave those committing fraud a significant time lag between the transaction and the authorization, and this time lag contributed greatly to the higher levels of fraudulent activities in England. Here at home, our online authentication methodology permits authorizations to be done in real-time, thus thwarting a significant percentage of the fraudulent attempts at the point of sale, the best place to stop fraud. Our online authentication methods also incorporate multiple fraud and risk parameters as well as advanced neural networks that are ‘built-in’ to the approval process. It’s been a highly effective system that works well when compared to most alternatives.
However, for Europe and for much of the rest of the world, adoption of the EMV technologies changes things dramatically, at least in terms of authentication protocols for both online and offline purchases. During an offline transaction using the EMV chip card, the payment terminal communicates with the integrated circuit chip (ICC) embedded in the payment card. This is a break from the old method which involved using telecommunications to connect with the issuing bank. The ICC / terminal connection enables real-time card authentication, cardholder verification, and payment authorization offline. Alternatively, in an online EMV transaction, the chip generates a cryptogram that is authenticated by the card issuer in real time.
The effectiveness of our authentication processes has helped fuel the resistance to full EMV adoption here. However, the EMV migration has gained momentum to the point where it is only a matter of time. The truth is that, despite the gains in preventing credit card fraud, and despite the best efforts of EMV’s backers to push acceptance through, global adoption of the EMV standard is still considerably less than 100%. Take a look:
When you look at the rates, they clearly favor the trend of countries who want to see others using EMV chip-enabled cards in their economies. It’s only the traditional European countries – such as these in the U.K. – that are adopting both EMV-enabled cards and terminals at a reasonably rapid rate.
Given all these considerations, it’s fair to ask if EMV adoption has any real value here, however, the prevalence of the global adoption movement coupled with the weight of EMV’s backers, VISA and MasterCard, make its arrival on our shores a business reality.