A chain is no stronger than its weakest link – U.S. retail merchants are beginning to understand what this means as the EMV Fraud Liability Shift nears.
On October 1, 2015, retailers are required to have upgraded their point-of-sale (POS) terminals to accept new EMV-chip enabled cards. The key driver behind this requirement is the quest for more secure card payments at the POS.
EMV stands for Europay, MasterCard, and Visa, the original members. The group was formed to set a standard for the global payment industry. The first EMV standard was written in 1993 (here’s an excellent interview with Philip Andreae who was the chief architect of the standard). In 2002 Europay merged with MasterCard, and since then other card networks such as JCB, UnionPay, American Express, and Discover have all joined the EMV ranks.
So, what happens on October 1? From this date on the responsibility for any card-present fraud at the POS will be borne by the weakest link in the credit card transaction processing chain. The least compliant part will have to bear the brunt of any card-present fraud that is perpetrated. Issuers have been sending EMV chip-enabled cards to their customers, the consumer, and retailers are expected to upgrade from their mature mag-stripe terminals to ones that will accept these new EMV chip-enabled payment cards.
For example, if there is fraud on a transaction at a mag-stripe terminal carried out by a user with an EMV chip-enabled card then the responsibility rests with the acquirer, as their customer – the merchant – has failed to upgrade their terminal to meet the requirements of EMV.
Acquirers simply need to ensure that their customers (the merchants) are meeting the demands of this requirement.
So, what are the benefits of EMV migration? According to the EMV Migration Forum – an independent, cross-industry body created by the Smart Card Alliance – the main plus points are:
- Reduced counterfeit card fraud at POS
- Cardholders will have the ability to use secure EMV payment cards globally
- Preparation for NFC mobile contactless payments
The liability shift’s intention is clear – it’s all there in the title: EMV Fraud Liability Shift. There’s EMV (the guys that don’t like fraud); there’s the fraud (someone just isn’t playing fair), there’s the liability (someone has to take responsibility for those guys who are not playing fair), and there’s the October 2015 shift (a passing of the fraud buck: “It’s not our fault, it’s yours.”).
The EMV hierarchy have laid out their plans in the quest for a more secure payments industry. Acquirers and issuers now need to play along if they want content customers (merchants and retail shoppers).
A seismic shift for U.S. retail
The soon-to-be-introduced EMV technology really is breaking new ground in the U.S.
Usage statistics indicate a seismic shift is taking place in the U.S. retail environment. Between January and December 2014 a mere 0.12% of card-present transactions in the U.S. were via EMV chip-enabled cards. The scale of the planned U.S. EMV migration is glaringly obvious when this figure is compared with western Europe (96.6% of transactions via EMV-enabled cards); Canada, Latin America, and the Caribbean (85.41%), as well as Africa and the Middle East (80%).
Project ‘EMV USA’ truly is an enormous operation, and if acquirers are not prepared then the repercussions could be felt for years to come.
Here are some headline statistics that illustrate the scale of the EMV migration:
- At the end of Q4 2014 just 101m EMV chip-enabled payment cards were in circulation in the U.S., an adoption rate of 7.3%.
- Over 1.3 billion payments cards need to be upgraded, a huge task for issuers alone.
- By mid-2015 120m American payment card users had received their new EMV chip-enabled cards.
- Aite estimates that 70% of credit cards and 25% of debit cards will be EMV-enabled by the end of 2015.
- 12 million POS terminals need to be upgraded.
- The cost of issuing EMV chip-enabled cards and installing the necessary POS terminal card readers will cost $6.8 billion collectively.
- A Javelin Strategy & Research report in June 2015 estimated that only 25% of merchants will actually meet the EMV migration date.
- The U.S. is the final G20 member to adopt EMV chip technology.
For acquirers the carrot of reduced counterfeit card fraud at the POS is a major plus of EMV migration. But there are many more benefits from an acquirer enabling their merchants’ EMV technology upgrade, such as:
- Future-proofing your customer’s terminals, especially with the growth in mobile Near Field Communication (NFC) contactless payments. A recent Forrester report estimated that U.S. contactless payments will top $142 billion in 2019.
- An understanding of their merchants requirements including time, resources, and cost.
- Assorted value-added service opportunities.
If a decision is made not to upgrade to meet the EMV requirements then there are risks attached, such as:
- Well, fraud liability. The merchant will, more than likely, be on the hook for any fraud that occurs in a specific payment card transaction that originated at their retail store.
- It will significantly reduce the acquirer’s ability to meet the likely rise in a demand for EMV terminals and cost-effectively support these new terminals.
- An acquirer’s ability to meet customer needs diminishes and leads to potential lost business.
Acquirers would be wise to recall Benjamin Franklin’s famous words: “By failing to prepare, you are preparing to fail.”
An attempt to tackle card-present fraud
This requirement from EMV is an attempt to tackle card-present fraud. This is a noble aim, albeit difficult to achieve in practice.
The Aite Group has already stated that counterfeit card fraud in the U.S. will fall from $1.8 billion to $1.77 billion between 2015 and 2018 due to the introduction of EMV chip-enabled payment cards. However, in the same breath Aite also predicts that CNP fraud is set to more than double from $3.3 billion to $6.4 billion. Therein lies the conundrum for the payment card industry.
In other words fraudsters are going to go all in on CNP fraud post-October 2015. Just as they have with card-present fraud in the months and years leading up to the EMV Fraud Liability Shift.
The cost of card-present fraud in the U.S. spiralled in 2014 as a LexisNexis study revealed that “fraudsters’ last-ditch effort to make use of counterfeit cards before the implementation of EMV left merchants the worse for wear. Merchants lost, on average, 0.68% of revenue—a 33% greater proportion than the previous year. Merchants also incurred more costs in addition to their fraud losses, with each dollar of fraud costing them $3.08, compared to $2.79 last year.”
It is also important to note that gas station merchants are not included in the first wave of US EMV migration, they have until October 2017 (October 2016 according to some EMV members) to upgrade. This has led to speculation that card-present fraud will quickly switch to gas station merchants after October 2015.
The same worries hover over card-not-present fraud, e.g. eCommerce transactions.
EMV will reduce card-present fraud but what of the unintended consequences. Fraudsters will still look for weak links. Post-October 2015 those weak links are merchants that have not upgraded their terminals to meet EMV’s requirements; gas station merchants that must wait until October 2017, and online merchants.
It is simply inevitable that online fraud will increase as a result of the EMV Fraud Liability Shift. Take the SEPA area (the European Union’s Single Euro Payments Area). According to a European Central Bank (ECB) report released in July 2015 online fraud in the SEPA area was responsible for 66% (or €958m) of all card fraud in 2013. It was the only type of card fraud to increase as the ECB report pointed towards the introduction of the EMV standard in the EU as the reason for the decline in POS card-present fraud (down 7.9%).
This rise in online fraud may be the unfortunate consequence of the liability shift, but perhaps a necessary one as the U.S. aims for a more secure payments industry.
Fexco Intelligent Solutions is dedicated to continuing innovation across the entire payments value chain. Our Transaction Services solutions provide a secure infrastructure enhanced by a wide range of modular business services and client specific features which facilitate an end-to-end transaction solution for merchant’s acquirers and card schemes. Please contact us to discuss your payment transaction needs.