Will Retailers be Ready for EMV by Oct 2015?

463800051-1024x682

In October 2015, the much-discussed Payment Networks’ Liability Shift associated with EuroPay, MasterCard, and Visa (EMV) is due to take effect in the United States. It’s a major milestone for financial companies (meaning banks and credit unions), credit card issuers, retailers, and more. There is a great deal of information, and misinformation, afloat regarding the US EMV migration roadmap as presented by the Payment Networks. Shedding some light on the realities involved is helpful for everyone concerned.

There are an estimated 1.24 billion payment cards and 15.4 million POS terminals currently in use, most of them in other countries. Making global financial transactions work across many cards and devices are smart chips embedded within new EMV-compliant credit and debit cards. These chips make interfacing with the various POS terminals possible. However, the EMVCo standard has yet to be adopted globally, a situation that the Payment Networks’ EMV migration roadmap for the US intends to correct. To date, Europe, Canada, Latin America, and the Asia/Pacific region are all well on their way with migrating from the legacy magstripe standard to EMV chip card technology. The U.S., the world’s single largest user of payment cards, has just begun the process. However, the potential impacts of being the last bastion of magstripe technology is forcing U.S. financial entities to take the idea seriously.

The main driver behind the EMV migration is card-related financial fraud. Despite the best efforts of global law enforcement agencies, global losses have risen steadily, increasing pressure to find a global solution. Annual costs of card fraud in the U.S. alone are estimated at $8.6 billion per year. Experts believe that figure will rise to $10 billion or higher by 2015, especially if the U.S. does not make significant progress with chip card adoption.

The rising cost of fraud is accompanied by a concurrent rise in mobile payments. In 2010, the total gross dollar volume of mobile payments in the U.S. alone was $16 billion; some experts expect this volume to rise to $214 billion by 2015. If ever there was a time to ensure compliance with a global chip-compatibility strategy that reduces fraud, it’s now. This is especially true in light of the fact that many countries are now considering banning traditional magnetic stripe cards, a technology standard in use for over 40 years.

It’s estimated that 40% of the world’s cards and 70% of its terminals deployed outside the U.S. are today using the EMV standard. Visa, a prime mover in the US migration to EMV, states that the pace of EMV-adoption is accelerating globally, estimating that right now, 62% of transactions conducted across international borders involve a chip-enabled card used at a chip-enabled terminal. Currently, our government is content to let the financial industry set its own course- but that hands-off approach may not last long.

One key component in the EMV discussion is its accompanying liability shift. This liability shift means that those issuers and merchants using non-EMV compliant devices that choose to accept transactions made with EMV-compliant cards assume liability for any and all transactions that are found to be fraudulent. MasterCard defines the liability shift this way: The party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions. Understand that by issuer, the card companies do not mean themselves; the term refers instead to banks, credit unions, and any other financial institution issuing credit or debit cards.

Liability is an emotionally charged power word with potentially huge and disturbing ramifications. Still, the threat of assumed liability does not mean that entities involved in card-based transactions must move toward EMV compliance immediately. What it does mean is that issuers, acquirers, merchants, and others must start planning their course of action. For some, like ATM acquirers for which cross-border EMV transactions are minimal, accepting the risk imposed by the liability shift in favor of implementing compliance later might be the best strategy. For others, some EMV-related implementation is essential, so planning must begin soon, if it’s not underway already.

Funding that implementation of EMV-compliant cards and devices represents a major expense item. Courtesy of Javelin Strategy & Research, here’s a big picture look at potential costs involved in achieving EMV compliance in the U.S.:

Cost of migrating to EMV

No matter how you slice it, $8.65 billion is a big number, however, there is a positive aspect to this. Earlier in this post, I pointed out that by 2015 it is estimated that the annual cost in this country for card-related fraud is $10 billion. If companies commit to the $8.65 billion spend in 2014, then fraud-related costs for 2015 could drop exponentially. With improved EMV-compliant technologies and continued reduction in the frequency of fraud thanks to intensified law enforcement efforts, improvements should continue, adding up to a positive ROI.

There are other advantages worth noting:
• Many of the ATM manufacturers have already changed over to EMV-compliant technology, reducing costs on this front.
• Chip-enabled cards, while initially more expensive to produce, have a longer shelf life than magnetic stripe cards, as well as being capable of ‘flash-updating,’ lowering their costs over time.
• VISA offers merchants who make the conversion an incentive package, relieving some of the financial burdens on that side.
• Adoption of EMV-compliant cards and devices is seen by many as a step toward wider adoption of mobile payment methods.

So where do we stand today?

• According to EMVCo, 1.55 billion EMV cards- accounting for 41% of the total payment cards in circulation worldwide- have been issued as of Q2 2012.
• It also reports that 18.7 million EMV-compliant POS devices- accounting for 71% of the total number- were installed in Q1 2011.

This chart, courtesy of EMVco, provides a quick glance at how far along adoption is in other countries:

EMV adoption in other countries

As far as timelines for compliance, the main entities behind the EMV Mandate have individualized their requirements. Courtesy of the SmartCard Alliance, here is a chart listing their timelines:

Timeline for EMV Milestones

These dates make one thing clear: While EMV may not impact your business today, it soon will. Are you prepared?

Leave a Reply

Your email address will not be published. Required fields are marked *

There are 48 comments for this article
  1. Pingback: Tokenization: Introducing a New Global Standard? - Total Payments : Total Payments
  2. MyrddinWilt at 11:42 pm

    The cost of deploying EMV is probably greater than the annual fraud losses.

    But the reasons that EMV deployment is inevitable are (1) card fraud is a major source of funds for organized crime and terrorism, (2) the costs of dealing with the fraud falls on the public purse and the government does not want to continue to pay for investigating and prosecuting preventable fraud or locking up the convicted criminals and (3) Target and Home Depot are fed up of the banks making their rubbish card security model their problem.

    I think Home Depot is going to be litigating any attempt by the banks to hold them liable for the data breach. It was the bank’s own negligence that made it possible.

  3. Pingback: Apple Pay Details: Apple Gets 0.15% Cut of Purchases, Higher Rates for Bluetooth Payments - Do You Still Hate Me?
  4. Pingback: Despite Changing Technology, ATMs are Not Cashing Out | The Dunbar Blog
  5. Jeri Rogers at 5:46 pm

    What I’m not seeing is what happens to our business? Most of our credit card transactions are keyed entries, I never see or handle the card at all. Our clients call us with the card information and I key it in. Doesn’t matter if I have a swipe or a chip.

      • Zach at 11:40 am

        Jeri,
        The information provided to you below by Hiawatha is WRONG. I am the Director of IT and Technology for a major credit card processor in the U.S. EMV requirements only impact businesses that do “Card Present” transactions. Keyed transactions are not card present. All EMV cards will continue to have card numbers and can still be keyed into a machine that is not capable of EMV. EMV has NO IMPACT on businesses that do keyed transactions. Anyone who tells you that you are not compliant is lying to you so that they can sell you a new machine that you don’t need right now. I would be happy to answer any questions for you about EMV. I’m not your processor, just a nuetral voice who doesn’t like to see people being taken advantage of.

          • smerkouris@gmail.com at 2:31 pm

            Hi Jeri,

            Zach is right, I have been in the business 14 yrs and can tell you it is in your best interest to stay away from agents who leave out the most important information… COST. Hiawatha , hopefully you are just ignorant to these fees and not intentionally leaving them out.

        • Wanda Love at 11:31 am

          Glad you said that, bc I was with a company, as a sales person, that advised me that in OCT of this year, everyone would need their machine in order to process the card. Ha. Thanks for the info.

      • Andrew Malolos at 12:34 pm

        Hi Hiawatha,

        I happen to be a selling card solutions to merchants and was kinda new to EMV compliant terminals. So you are saying that regardless it’s a key-in or a credit card is swiped physically in the terminal, the possibility of losing the data transactions are some of the big issues that is why a merchant should migrate to EMV Compliant Terminals. Is it also true that by October 2015, merchants who do not comply with the EMV Compliance will now borne the cost any fraudulent transactions or any claims that their customers who calls their banks to reverse payment. Thanks

        Andrew

        • Andrew Malolos at 1:07 pm

          Thanks Hiawatha,

          Sorry to be so ‘dumb’ with this technology. I need to read more. But since your are here, can I ask one more question? Just to anticipate same questions that might be asked.

          I saw a payment terminal with different readers Swipe, Proximity and Chip. I believe this terminal is EMV compliant. Is it the CCARD with the SIM are the ones protected? How about the CCARD WITH mag stripes? Or even proximity app sensors? Can you explain? Thanks again.

          Andrew

          • smerkouris@gmail.com at 10:39 am

            If they are only keying in and never swiping they will not need it. In another post on here you are saying swiped or keyed merchants. That statement is incorrect. Good luck in your endeavors this will be my last post.

          • Wanda Love at 11:35 am

            And with my anti-credit card theft idea, it doesn’t matter if they are swiped, wiped, or keyed in. If the persons , who invented this idea, just took a step outside the box, for a moment. None of that is needed. Not even a chip. Why? Look at my first name and remember it. Bc you can thank me later. I can’t believe that all of the ideas out already, no one can be 100% guaranteed. If I , as one person, can be, then a group of millionaires should be twice as strong. Maybe not..hmm.

    • Wanda Love at 11:27 am

      I have an idea that is going to be 99.9% fraud free, whether it be
      keyed in or swiped. All of the ideas now by Visa and EMV are cute, but
      as a consumer, I want to be protected 100%, not just a guess or hope.
      I want myself and all Americans to be safe. This is the US and we are strong
      in everything else, why not be stronger in securing the money we worked
      for, and that helps America to continue to grow? Right now , I am just
      researching the ideas that my competitors, and came across this one, which I was
      already familiar with. After I find a company that will take on my idea,
      the consumers are not going to want chip card.For ‘what? It’s not
      100%! I work to hard for my money.

    • Wanda Love at 11:43 am

      @Jeri and Hiawatha: Here are the facts:
      Part of the October 2015 deadline in our roadmap is what’s known as
      the ‘liability shift.’ Whenever card fraud happens, we need to determine
      who is liable for the costs. When the liability shift happens, what
      will change is that if there is an incidence of card fraud, whichever
      party has the lesser technology will bear the liability.

      So if a merchant is still using the old system, they can still run a
      transaction with a swipe and a signature. But they will be liable for
      any fraudulent transactions if the customer has a chip card. And the
      same goes the other way – if the merchant has a new terminal, but the
      bank hasn’t issued a chip and PIN card to the customer, the bank would
      be liable.

      The key point of a liability shift is not actually to shift liability
      around the market. It’s to create co-ordination in the market, so you
      have issuers and merchants investing in the migration at the same time.
      This way, we’re not shifting fraud around within the system; we’re
      driving fraud out of the system.

    • Lauren Tanis at 10:53 am

      Hi Hiawatha — Help Please —

      Someone please explain to me how this “shift in liability” is any
      different than it is today — If a merchant takes any kind of
      transaction that is disputed as “fraudulent’ — if they can’t produce a
      signed receipt, the merchant will lose the chargeback — how is this any
      different.

      Or reciprocally — if a merchant is EMV compliant, and someone pays with a Chip card — is that transaction chargeback proof?

      Clarification please?

  6. Valerie Van Kooten at 10:28 am

    I am glad to see this happening. As one who travels often in Europe, I am having a harder and harder time getting any merchants there who want to deal with my “swipe” card. I had one merchant charge me an extra fee because I had one.

  7. Deborah Salanitro at 3:29 pm

    OK I run a very small winery/tasting room. We use Square as our register and have a card swipe docking station we got at Staples. Since we are new – a start up really – I am hoping we wouldn’t have to incur any other costs – I only recently found out about this the other day from a friend – and I am far from a “tech” or finance person so…any help is appreciated!

    • Amanda M at 9:43 pm

      Square does have a chip reader that makes them EMV compliant. As long as they sold you the new reader you should be good. The reader would allow you to not only swipe the old mag stripe cards but also insert the portion of the card with the chip in it into the reader to read the chip data.

      Amanda

      • Sean Rupe at 9:24 pm

        7 basis points?!?! Your assuming the average ticket as $100?? What’s the per item fee? Batch Fee? Statement fee? PCI compliance?

          • Sean Rupe at 9:59 pm

            so…it’s basically $10 bucks a month and .35 per transaction…There is a per item fee every time you hit the network…it’s .35 or something else..it’s not free…

      • smerkouris@gmail.com at 2:21 pm

        Where is the interchange rate Hiawatha? anyway Bankcard of New York has to charge you (give or take) 2% on interchange and then there is a transaction fee. His deal will be worse unfortunately. Watch out for people that will leave out 95% of the cost.

        • smerkouris@gmail.com at 3:32 pm

          You are not including interchange. No my bill would not be $21. Come on Hiwatha, are you familiar with the interchange that you have to pay the issuing bank? If you are not you should not be in this business

          • smerkouris@gmail.com at 6:07 pm

            Good, so in your example $100 charge but they will get 99. 93. Is totally incorrect. I agree with you that square is not a great solution, but when compared to other merchant service providers it is not that far off in your example

          • Thomas Brown at 3:05 pm

            Why do you act like he is so wrong you can’t tell what card they are gonna get to actually be accurate on the interchange charges that’s like a needle in a hay stack. The right way is to send statements to see what they do and show them the real #’s he is right for the processing fees solely, but there are other fees that collectively make up a merchant account. I mean really can you tell me what cards they will get? Is it a business card, a rewards 1, EIRF debit, CPS Small Ticket Debit?

    • grewpy.com at 2:06 pm

      For a startup with low volume, a solution such as Square or PayPal Now is actually the most simple and best choice. Traditional payment processing is convoluted and there’s fees left and right and it can get overwhelming. When we were starting out (e-commerce business, almost no in-person transactions) we made the mistake of doing that, and the monthly fees, even if we were doing no sales, was too much to bear. I’d rather pay a few basis more PER TRANSACTION when they happen, because as a start-up you don’t really know what your sales will look like one month to the next. It just makes life simple…

      And by the way, Square does have the new EMV-enabled reader (which still reads magnetic stripes) available for pre-order on their site. It’s $49, but if you do $100 worth of transactions in 3 months, they give you back the $49 as a credit. Like I said, start-up friendly…

      (If you are e-commerce only, there are also many other new solutions out there. We are currently using Stripe.)

  8. poop. at 2:40 pm

    EMV tech is at a slow crawl because some businesses either can’t be bothered, or are trying to figure out a way to put it off for the absolute last moment that the mandate allows. People like Mr. Hiawatha Colbert only serve to complicate things by saying “hey you need to comply eventually, oh look, I happen to sell EMV technology so buy it from my company” being awkward as hell towards his potential customers and not necessarily fostering a culture of understanding, mostly to try and get a foothold in the burgeoning payment technology (in the US). (Also Mr. Colbert, the CEO of Capital Bankcard New York, suddenly appears on a comment board for some reason to give “advice” aka sell his company’s services? If this really you, MAYBE review the way you’re approaching people to sell your services, especially as your company’s lead exec?? Other people have been explaining the situation better.)

  9. Phil Nicholls at 11:04 pm

    I too work in the payments industry, but am not going to sell anyone something here! Having worked and lived in Europe and Canada I am very familiar with how these systems work for the consumer. Although all Canadian merchants use NFC or chip as default, if one uses a pre-chip Wells Fargo card in Canada, one simply swipes it (as all readers have both). Also every “at pump purchase” of gas in Canada requires that the pump “grabs” your card and hold it while you enter you PIN. It helps reduce some sorts of fraud, but statistics show that fraud simply ‘shifts”. Signing for a card transaction is loose security, but “tap” near field transaction (though limited in $ value) offer no security. EMV mandates are a great windfall for those making cards and devices. Frankly as a consumer the chips are durable and I like the “password protected nature”. Everyone will get used to the switch. High fraud merchants will still have some types of issues and low fraud merchants will continue to have low.

  10. darknesscrown at 4:15 pm

    I own a music post-production studio and if any of my clients try to pay with a magentic strip card, I simply tell them to get cash. People aren’t going to get on board and change the way they do things unless they are forced to do it. This discussion about the “cost” of converting is imbecilic. There is no cost-benefit analysis to do here. At all. It must be done whether you want to spend the money on it or not. It’s 2015. Adapt or die. When I lived in Europe in 2007 they were using this technology and actively trying to get people to stop using cash. I move back to the U.S. and Americans simply refuse to change. Well, too bad. You will now. LOL

    • robtex at 1:20 pm

      The last time I got a new ATM card it came with the EMV chip. Cards will ware out and consumers will automatically get an EMV card.

  11. Chere Perrigo at 11:51 am

    So from a consumer standpoint….let’s say I buy something online & my card is stolen & used for other online purchases…..who is liable for that fraud? By the sounds of it, I am.

  12. Mirna at 10:28 am

    This is just a concerning growth in our end as we see volumes of charge backs from patrons whom visit our establishment but then decided they were a little too intoxicated and do not recall any of the charges.

  13. Lauren Tanis at 10:50 am

    Someone please explain to me how this “shift in liability” is any different than it is today — If a merchant takes any kind of transaction that is disputed as “fraudulent’ — if they can’t produce a signed receipt, the merchant will lose the chargeback — how is this any different.

    Or reciprocally — if a merchant is EMV compliant, and someone pays with a Chip card — is that transaction chargeback proof?

    Clarification please?

  14. Pam at 10:03 pm

    Can somebody please tell me if I need the new EMV software or not mine are all keyed in manual unless my customer is setup to pay online. Right now First Data is charging me extra fees do to invalid information?? So confusing!

Payments Leader

Payments Leader from FIS Global provides insights on credit, loyalty, fraud and emerging payments strategies through blog posts from our industry experienced authors.