Consumers fear credit card data theft more than terrorism. So why is EMV rollout not a big deal?
As I re-read my blog from last week, along with everyone else’s in the payments industry, it struck me that the transition to chip-enabled EMV cards in the US was pretty much a non-event for anyone outside of the industry. Even within the industry, a couple of years ago, EMV was a rather ho-hum topic – this article from 2013 nails it:
"Though many global merchants are equipped to handle smart cards, U.S. merchants have been slow to make the switch. The primary reasons for this hesitance are the high cost of replacing old technology and a lack of consumer demand for safer payments."
“A lack of consumer demand for safer payments.” Whoa! Certainly, that sentiment changed overnight a few months later, when the Target data breach made front-page news in December 2013. Since then, consumers have been gripped by the fear of having their identity or credit card information stolen, and EMV rollout has been much more visible in industry and mainstream press.
Why EMV adoption came in with a whimper
On October 1, 2015 we hit that major milestone, EMV adoption in the US. But instead of roaring in like a lion, the EMV deadline reminds me a lot of Y2K – an incredibly hyped threat of disaster that never happened. Specifically, the impact of EMV has been reduced significantly by factors including the following.
Most credit cards (about 70%) will have chips on them – but most of these cards will be chip-and-signature cards, not “classic EMV” chip-and-PIN. American Banker notes, “Some criticize banks' adoption of chip-and-signature, arguing that signatures are useless as a fraud deterrent.”
Having said that, some card providers are bucking the trend. First Niagara Financial Group of Buffalo, NY, is requiring its 250,000 cardholders to remember a PIN and use it with their new EMV cards. Some retailers require PINs for their store-branded cards, such as the Target REDcard. Introducing the PIN to EMV cards significantly cuts down on lost/stolen fraud and provides an added level of protection.
Many small merchants are not EMV-ready. Industry estimates put only 20% to 30% of merchants as having purchased and deployed the EMV-capable point-of-sale terminals and software they will need to handle EMV chip cards.
Interestingly, the National Retail Federation says, “New card terminals can cost $1,000 or more;… some merchants are weighing the expense against the number of chip cards they are likely to see. A January CreditCards.com survey found only 31 percent of consumers had a chip card; with the average American holding four cards,…. that translates into only about 8 percent of cards being chip-enabled.”
The rise of alternative payment types, including real-time transfers, direct debits, eWallets and mobile payments, could easily outpace EMV rollout. This is a huge topic with many interesting points; the top line is that Apple Pay, Samsung Pay and Android Pay have all been introduced in 2015, as has Verifone’s contactless EMV acceptance, all potential game-changers in the ultimate role EMV payment cards will play – at least in the US.
These factors have, in my view, lessened the positive impact of EMV on the payments ecosystem. Card not present (CNP) fraud, which traditionally spikes anyway after EMV cards are introduced, is a critical focal point and another story.
Since my EMV payment cards are not PIN-enabled, I’m using my bank’s alerting options and take comfort in knowing I’ll be alerted about any CNP transaction. In addition, I believe that more and more issuers will give consumers the option of being more involved in the fraud detection and prevention process by utilizing services such as FICO Consumer Fraud Control.