Security Experts:

Will the U.S. be Able to Fend Off the EMV Card Standard Invasion? Probably Not for Long.

EMV Chip Credit CardAs they say…”Old habits die hard.” It’s ironic that Americans are still using traditional magnetic strip payment cards more than 15 years after chip and PIN digital technology, also known as EMV smart card, first hit the market in Europe. We continue to rely upon the 50-year old magnetic stripe (aka mag-strip) technology allowing organized crime to easily skim information directly from the cards with simple card reading devices purchased online for less than $100. Over the past few years, computer hackers have managed to access and exploit a rich supply of mag-strip information, from several leading retailers and a credit card processor, to successfully ratchet some high profile thefts. However, the ever mounting cardholder data fraud (over $8.6 billion in 2008, according to Aite Group’s study) and the emergence of new non-traditional payment technologies, such as contactless and mobile payments, seem to be pressuring merchants and card issuers in the United States to consider migrating to EMV-ready cards and POS (point of sale) architecture.

Why EMV?

EMV-enabled cards, the shortened name of the card created by its original creators Europay, MasterCard, and Visa, use an embedded microchip and a personal identification number (PIN) to validate the card, the consumer, and the payment transaction instead of a cardholder’s signature. The chip and PIN cards use dynamic data to provide greater security to credit card transactions. According to EMVco, the EMV standards body, there are currently more than 1 billion (yes, with the “B”) EMV-enabled cards in circulation with a 36% annual adoption rate being accepted in more than 22 countries around the world.

EMV Chip Growth

Looking at the EMV adoption map, the chip and PIN payment technology is fast becoming the leading global card payment standard. Even our two neighbors North and South of the border – Canada and Mexico – are in the process of migrating to chip and PIN cards to become EMV compliant. (Sidebar, this will leave the U.S. in a potentially risky situation, sandwiched in between two more secure credit card environments, and it is thought that we could become the new playground for credit card fraud.)

Consider the following advantages of EMV-enabled cards:

• More secure against payment card fraud than the current mag-stripe cards with data encoded in a magnetic stripe on the back of the card

• Offers enhanced cardholder verification methods (e.g. a unique PIN combination)

• Stores and maintains significantly more information than mag-stripe cards; adding additional layers to help authenticate the card and prevent fraudulent transactions

• A transaction-unique digital signature in the microchip proves its authenticity in an offline environment and prevents criminals from using fraudulent payment cards

• Protects cardholders, merchants and card issuers against online transaction fraud through a transaction-unique online cryptogram

Why is the U.S. Resisting EMV?

There are two opposing camps in the political fight of EMV’s US adoption. On one side, there are multi-national merchants desiring to reduce credit card fraud and annual costs associated with card acceptance. On the other side, issuers and other financial institutions are less than enthusiastic about the thought of changing the status quo from existing mag-stripe payments. Their resistance to change stems primarily from two main reasons: the cost of migration to EMV and profitable revenues associated with the current interchange fees.

According to CreditCards.com, there are 608 million cards held by U.S. consumers, with an average of 3.5 cards per consumer that would have to be re-issued and replaced with EMV-enabled cards. Change to the current U.S. payment infrastructure is neither simple nor inexpensive and would require close to $12.7 billion (according to an Aite Group Report “Encryption: The Best of an Imperfect Bunch) to migrate to the EMV architecture. Who would shoulder most of the cost? Most likely, merchants would be burdened with the majority of the cost. Obviously, this would likely produce pushback from smaller more price sensitive merchants that would be impacted by the costs associated with implementing new technology.

So Will EMV Come to the U.S.?

The migration to EMV in the U.S. is inevitable. We can anticipate that there will continue to be a strong push to migrate to a new chip and PIN payment architecture in the United States \ fueled by multi-national merchants who have seen fraud/chargeback benefits from implementations in other parts of the world. The migration will be neither fast nor inexpensive, requiring a hefty investment in new technology and new processes. Both merchants and consumers will need to continue to build a compelling business case for migration to chip and PIN cards in order to convince issuers and acquirers to change the payment infrastructure that is currently in place. The pace of the migration will depend upon further growth in new EMV card markets, adoption of new technologies, and applications that provide consumer and merchant benefits.

How long will it be before a major U.S. issuer puts its EMV cards in circulation is anyone’s guess… but then, “Rome wasn’t built in a day either.”

Subscribe to the SecurityWeek Email Briefing
view counter
Christopher Justice is President of Ingenico North America and is responsible for driving the development of the company's strategy in the US and Canada. He is a graduate of the University of Tennessee, has held several executive positions in the electronic payment industry. Prior to being President and CEO of Merchant Link, Chris was Senior Vice President of First Data, where he led the National Accounts group for various banking relationships including CitiBank and SunTrust. Before joining First Data, he served as VP of National Accounts for Concord EFS, an electronic payments processor and a recent First Data acquisition.