Why Hasn’t the U.S. Adopted EMV?

EMV chip technology is not new, but why hasn’t the U.S. gotten on board?

With advanced security, endless technology benefits and success in many other markets, it can be confusing as to why Americans are not already seeing widespread use of EMV technology. After the 2013 breach of Target credit cards during the holiday shopping season, business leaders, including Target’s CFO, are now calling for acceleration adoption of the technology.

So why isn’t this more widespread? This infographic breaks down the benefits of the card and some potential  reasons why the payment technology hasn’t been widely adopted in the US.

What do you think about EMV? Will it still be Europe-only?

 

Smart Cards
Source: ComputerScienceDegreeHub.com

How the U.S. Payment Industry Can Cut Through EMV Challenges with Education

Mobile LifeStyleWith the October 2015 deadline for financial services providers (banks, credit unions, merchants, etc.) to fully implement EMV, many industry insiders are facing the challenge of adapting this new technology to the still-developing regulations. Overhead costs, implementation strategies and regulatory relations are all top of the list concern for executives. Further complicating matters is the lack of a centralized project management office to coordinate migration that other countries, including Europe, have the luxury to look to for guidance.  As a result, U.S. providers are forced to deal with 18 regional debit networks that, due to the Durbin amendment, require each acquirer to route transactions via a minimum two competing networks – severely increasing the difficulty of the task.

Not to worry! As with any new product, service or process implementation the proper education and guidance will lead to the desired results, and luckily we can simply look across the pond for experienced help.

First, let’s start with a quick background.

EMV 101

EMV is the technology commonly used in the developed world, less the United States, that replaces the magnetic stripe in credit and debit cards with chip technology. The EMV chip technology reduces credit card fraud to make consumers transactions safer and also provides global interoperability. According to the U.S. Fed, the total number of unauthorized transactions (third-party fraud) in the United States during 2012 was an estimated 31.1 million, with a total transaction value of $6.1 billion; up nearly 10% from 2011. High profile security breaches are becoming far too common, such as the ones recently experienced at Target, Marriott, and Neiman Marcus. Discover Financial Services found that after the EU completed its migration to EMV, the region has seen an 80% reduction in credit card fraud while, comparatively, the U.S. has witnessed a 47% increase.

Regulatory Challenges

Changing industry regulations present additional challenges to implementing new payment processes and systems. A recent federal court ruling on debit regulations, while maintaining the current status quo, will affect the EMV migration in two key areas: merchants choice of debit transaction routings (required to choose a minimum of two competitors), and debit interchange fees. How these two issues are decided will affect how EMV processes will be implemented. It will be crucial for industry executives to keep an eye on this evolving process as we move forward.

Smooth Transition

There are many steps industry stakeholders can take now to help make the migration to EMV as seamless as possible. Developing key strategies for full migration is the first step in the process for many in the industry, but they often face a challenge of establishing effective strategies due to a general lack of knowledge of the process. Industry stakeholders must arm themselves with the appropriate educational services to help them formulate a strategic vision that is booth streamlined and profitable. While it may be unfortunate America is the last developed nation to migrate to EMV, it’s actually a benefit in the educational process as Europe and other countries have recently gone through this experience and can provide valuable information transfer.

 

Industry executives need not worry about the upcoming EMV migration deadline, but focus on implementing key strategies for their organizations. Lucky for them, they are not the first to go through this process and can look across the pond for valuable lessons that will lead to an easy and expedited transition. Once migration is completed, American consumers and businesses will be much safer with their financial transactions.

 

Gokhan Inonu is a global leader with over 25 years’ experience in EMV migration and financial transactions leadership roles. In his current position as President, Cardtek USA, Mr. Inonu heads the American division of Cardtek Group and oversees operations, sales, marketing and partner management. 

Financial Institutions Need a Can-Do Attitude

 “Don’t mistake activity with achievement.”
– John Wooden, former UCLA basketball coach and 10-time NCAA Basketball Champion

Target, Neiman Marcus and Michaels recently compromised sensitive customer data to hackers, joining Facebook, Gmail, Twitter, and Yahoo!. And those are the ones made public.

Financial institutions (FIs) aren’t safe either: Global Payments (processor for Visa and MasterCard), Bank of America, Citibank, JP Morgan, and Fidelity National Information Services all suffered data breaches recently. Hundreds of millions of dollars stolen and boatloads of personal data exposed to criminals.

Companies, especially FIs, are not doing enough to safeguard sensitive information. FIs scramble to buttress their systems to thwart attacks, while criminals easily elude the safeguards.

If you shop online your information could already be on a hacker’s hard drive, waiting to be bundled and sold to another criminal, making you vulnerable to identity theft and other crimes.

The protection plans offered by credit card companies and FIs do provide additional protection. But, if it isn’t enough, why would consumers pay for safeguards that should be provided automatically? The “safeguards” aren’t really all that safe, in truth.

EMV (Eurocard, MasterCard, Visa) (covered on this blog) would be a step in the right direction, erecting additional layers of protection between FIs and hackers. EMV has been adopted by most of the world, but not in the U.S.

EMV replaces the magnetic strip on cards with a microchip used for authentication, encrypting the information during the transaction, making it more difficult for thieves and card skimmers to steal. Security is further bolstered when used with a PIN or signature. However, it is by no means a panacea.

Retina scans and fingerprints could also thwart criminals. Those systems require expensive investment in hardware and new software to support them. FIs and their customers should implement anything that makes it more difficult for hackers.

Dual-factor authentication (2FA) is another, more feasible, option. It adds another level to the standard password login. The FI would send a code via text message to your mobile phone, which then is entered by the user to execute the transaction.

Ninety-one percent of Americans already have a mobile phone, according to Pew Research. Convenience alone makes 2FA via text message a logical solution.

Sending out text message codes would require investment in software, but the cost is meager compared to implementing a scanner or other hardware solution. Twitter, Google and Facebook already support 2FA as an option at login. It should be made mandatory.

2FA has been around for decades but never took hold. If a mobile phone was compromised, it would carry frightening ramifications. And, transactions are susceptible to Trojan horses, Man-in-the-Middle attacks, and other malware. In fact, all computers are vulnerable to these types of attacks.

Tokens like RSA’s SecurID, 1Password, Toopher, YubiKey and the like that provide one-time passwords have weak points as well, which can serve as gateways for criminals. If breached, could expose every one of the user’s passwords, all at once. Not good and hardly safe.

So what’s the answer?

Disappointingly there isn’t one that ensures total protection in all situations. Hackers are clever and will continue to exploit weaknesses in any, and every, system.

2FA is easy to implement with current technology and is a formidable additional security layer.

Coach Wooden said, “Do not let what you cannot do interfere with what you can do.” FIs need to heed this advice.

About David Sutton: David has a BA in economics and a MS in business journalism, and his articles have appeared on Forbes.com and in the Boston Business Journal. David has had a bank account since he was three.