The day the payments industry has pointed to for several years arrives today, a turning point in the U.S.‘s migration to EMV chip-and-PIN cards.
Rules set by Visa and MasterCard as of today, the liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. Banks will be issuing EMV Chip Cards.
An enormous change, as everyone learns to deal with the new technology that requires consumers to insert their cards and leave them in the store machines throughout a payment transaction, rather than swipe.
In a recent survey, less than a third of merchants overall have invested in EMV-compliant technology, and one study said 80 percent of small and midsize merchants have not upgraded their systems as of today’s liability shift.
Issuers are claiming to be more prepared than merchants, but according to the Smart Card Alliance, around 200 million chip cards have been issued to U.S. cardholders. That, however, is less than 17 percent of the approximately 1.2 billion payment cards in circulation.
What is clear is that today does not represent the end of the journey. The lack of preparedness at the physical point of sale, however, may be beneficial for card-not-present merchants.
Over the past few months, the mainstream media has awoken to the fact that implementing EMV does not mean fraud will disappear. Fraudsters quickly adapted to the difficulty of counterfeiting cards by attacking Card-Not-Present channels, where a chip has no effect.
In other markets, fraud migrated quite rapidly to card-not-present channels. It is necessary on e-commerce merchants to protect themselves with an array of tools, like device authentication, one-time passwords, randomized PIN pad and biometrics. Fraud mitigation tools like data analytics, address and CVV verification, 3D secure and tokenization. These services should be available from their merchant acquirer processor or gateway.
There should be a gradual reduction in card fraud over the next 12-18 months in spite of the delays in this country’s EMV migration. It’s going to take time for the technology to be adopted.
U.S. Merchants’ overall relative lack of preparedness for EMV may give e-commerce and mobile merchants time they didn’t think they would have to explore the options.
Sophisticated authentication technologies such as biometrics will help increase the security of card transactions. Device-based verification could be easily incorporated in an EMV transaction.
Banks have expressed interest more in using the phone as a biometrics. It’s all going to depend on what is the most convenient way to access your funds. The nice thing about biometrics is it’s meant to enable more convenience and stronger security.