Like millions of Americans, I had family visiting for the holidays. But my parents’ first questions weren’t, “How’s work?” or “Where can we take you to dinner?” They were:
Mom: “I shopped at Target. What should I do?”
Dad: “Why is the US so far behind Europe in adopting more secure credit card technology?”
My parents, of course, were talking about the Target data breach, which received incredible airplay in the mainstream media over the holidays. For example, CBS Nightly News covered the story several times.
The answer to my mom’s question was easy: “Step up monitoring of credit card transactions on your statements, and call your card company if you see anything suspicious.” My dad’s? Not so easy.
EMV: From industry jargon to popular lexicon
The Target data breach has brought discussion of EMV technology into the mainstream. EMV stands for Europay, MasterCard and Visa. It is a security standard for a variety of payment cards including, credit and charge cards, traditional and deferred debit cards, open-loop prepaid cards, and ATM cards.
Reuters is one of myriad news outlets that explained:
For years, U.S. merchants and banks have balked at adopting a well-established system that uses credit and debit cards that store information on computer chips. The [EMV] technology, ubiquitous in Europe, Canada and elsewhere, makes it harder for thieves to misuse data compared with cards that store data only on magnetic stripes.
In the U.S., the problem is the costs of the new chips and some 10 million payment terminals to process them.
Telco costs and innovation
What most articles neglected to say, though, is that adoption of EMV in other parts of the world was not driven by the card providers’ desire to spend millions of dollars on new cards and chips, as can be inferred from the Reuters article above. Rather, there were many contributing factors, including, in large part, many regions experiencing high telecommunications costs. Card companies and merchants were looking for a way to make offline transactions more robust and more secure. By leveraging authentication via the card’s on-board microchip, thereby reducing the need for approval transmissions, EMV does exactly that.
By contrast, telecommunications resources in the US are abundant, reliable and very low-cost, and they have been this way for decades. And with the US being the home of Silicon Valley (the frontier of new payment technologies and ecosystems like iOS and Android), one could reason that credit card companies are putting more focus on how to operate in consumers’ potentially cardless futures. That is, until the Target breach.
EMV adoption in the US: On target
Data breaches of the magnitude experienced by Target underscore the need for US card companies to adopt the EMV standard. Physical cards are not going away anytime soon, even as new payment technologies gain traction. We need to take steps to continue to secure the transaction stream.
But while the Target breach exposed millions of consumers, I don’t think it’s necessary for the industry to push a big red panic button, rushing to convert its outstanding magnetic stripe cards to EMV cards overnight. I continue to believe that a strategic, controlled rollout, much like the path the US credit card industry is already on, will work. The two-year horizon will be sufficient, but the industry can’t afford additional delays. Doing so would prolong the US card industry’s exposure to massive fraud attempts, and make it harder to ensure customers’ continued positive experiences with the card-based payment process.
Debunking the myths of EMV
With EMV top-of-mind for consumers everywhere, card fraud and security, more generically, are pressing concerns as well. At FICO, we are continuing to advise and assist global issuers on their regional migrations to EMV. We are enhancing and evolving our fraud solutions to continue to provide protection for issuers and consumers. In addition, we are working on longer-term solutions that address the card security concerns of today’s mobile consumers.
In an absolutely timely coincidence, FICO recently partnered with Mercator Advisory Group to produce an informative white paper, “EMV Adoption and Its Impact on Fraud Management Worldwide” (Jan. 2014). This white paper takes an in-depth look at EMV and its industry impact, and debunks a number of popular myths.
I am definitely going to send a copy to my mom and dad.
For more views on Target breach, see my colleague John Buzzard's recent post: Target Breach Has Some Seeing Red.