EMV Migration Accelerated by Security Breaches
The number of credit card fraud cases in the U.S. has reached epidemic proportions. Massive security breaches at Home Depot and Target have accelerated migration to EMV. And it's about time. Credit card hackers and counterfeiters siphon $11 billion from the global economy each year.
Chip card, EMV card, Smart card, it's all the same. Merchants need to prepare for a seismic shift in payment technology and liability rules. Although not a cure-all, EMV will better protect consumers and cut deep into credit card fraud cases.
The EMV Story
EMV, short for Europay, MasterCard, and Visa, is a chip-based authentication system already standard in the rest of the world. Despite a history of technical firsts, the U.S. is the last mover on EMV technology. Why?
Until 96 million customers from Depot and Target had their credit cards compromised, merchants and financial institutions in the U.S. balked at the transition costs required to shift from magnetic stripes to EMV technology. New in-store hardware, new processing systems, new cards and new liability rules – collectively – influenced 10 years of U.S. feet dragging no longer acceptable in the rough trade of credit cards.
The U.S. suffers from the highest percentage of physical fraud in the world, and the bad guys prefer easy marks – non-EMV compliant countries like the U.S.
More telling, when compared to early EMV adopters like Europe, Canada and Latin America, U.S. credit card fraud is going in the wrong direction. Fraud in the U.S. is way up, while everyone else has seen a decrease in fraud cases since migrating to EMV. Even worse, the scale of recent credit card heists in the U.S. is really bad for consumer confidence.
Stopping the Bad Guys
The technology behind EMV is not new. Nor is the application, as the UK has enjoyed immediate success since adopting the EMV standard. By placing computers at both ends of the transaction, cryptography and authentication can operate in a secure environment. EMV encrypts transaction data each time a card is used. And each time a card is used the data changes.
Magnetic stripes, on the other hand, act as a container for static data that can be easily passed around once a single card has been compromised. Stolen swipes can then be copied, sold, packaged in bulk and sold again.
The credit card underground includes forgers and hardware makers that add a tangible element to a costly, broken process. Once a simple genius replacing impression rollers, magstripes are now the engine driving a fraudulent empire and the root cause of a lot of pain and bad PR for some of our largest – and most trusted - retailers. Consumers get stuck in the middle not knowing where it's safe to spend money.
EMV places all of the computer logic on the card, negating any advantage hackers would gain by snooping on a transaction. A cheap microprocessor turns each card into a much safer vehicle for transactions.
POS equipment sales may prove a good way to take the temperature of EMV migration in the U.S. Large restaurant chains will have to make large investments in new equipment. Smaller retailers, with fewer terminals, may get by with simple add-on devices. Regardless, if retail security breaches continue to escalate and retailers find themselves on the hook for fraudulent activity, EMV-compliant equipment will be making a dramatic entrance, and fast.
As consumer payment preferences increase, retailers are tasked with making POS transactions secure and convenient.
VeriFone, a leader in integrating EMV technology into payment solutions, suggests retailers purchase a device capable of processing both EMV contact and contactless transactions. EMV supports chip-and-PIN, or contact transactions. Contact payments are inserted into a POS terminal for the entire transaction.
Can We Fix Ourselves?
A perfect storm of media attention, angry customers and new liability rules are finally moving the needle on EMV in the U.S. Fraud victims know banks have historically covered credit card fraud. Going forward, EMV migration will shift liability to the least compliant party in each fraudulent transaction. Merchants who haven't upgraded equipment to process chip-based cards will be the most vulnerable.
American Express, Visa, MasterCard and Discover target October 2015 for the liability shift. Although industry experts don't expect everyone to comply by that date, expectations are that 70 percent of credit cards and 40 percent of debit cards will support EMV by the end of 2015.
The U.S. is the largest and most fragmented market to adopt the EMV standard. New cards and terminals are not the only obstacles. The software overlaying the entire EMV system must be airtight. Getting everything tested and turned up across a complex web of transactions is no small task. Big ships take awhile to turn around. But we have made progress.
CSI Software's position on Europay
Credit cards and credit card reading/processing devices for Point of Sale are changing. Over the next 1-2 years, new technologies and a new standard known as Europay, MasterCard and VISA (EMV) will begin to be utilized with the goal of reducing credit card fraud for merchants in the US. These technologies have been used in most countries for the past several years and have proven to be very effective in preventing credit card fraud.
EMV capabilities and requirements will begin to become an industry standard in the US based on deadlines that become effective as early as October 2015. CSI wants to work with our customers to be certain that you can take advantage of these new technologies that will reduce your exposure to credit card fraud and the potential for associated financial liability. CSI has partnered with VeriFone, a major provider of credit card hardware, software, and credit card gateway services. It is our plan to have a single source, end-to-end solution that takes advantage of these new technologies and brings to you, all of the advantages of EMV.
Prior to purchasing any new or additional credit card devices such as card scanners or signature capture devices, it is important to consider the long term viability of the devices in light of EMV. Please talk with your CSI Software Account Manager or our hardware fulfillment specialist before you commit to purchasing any new devices. These people can describe the devices and services that we feel will best serve our customers and provide the most secure, cost effective solution to take advantage of EMV. Most of the devices and associated services are available as a package for monthly fee. You should consider hardware today that is capable of utilizing future EMV technologies so that you can gain the most value from your purchase.
About CSI Software
CSI Software provides fully integrated, single source health and fitness club management software to health and fitness clubs, campus recreation centers, parks and recreation facilities, wellness centers and hotels and fitness resorts, as well as JCC, YMCA and YWCA organizations.
EMV will better protect consumers and cut deep into credit card fraud cases.