The Biggest Challenge to EMV MigrationLeader of Booster Group Identifies Hurdles
The biggest challenge the U.S. must overcome in its migration toward chip cards is getting the necessary software tested and installed on POS terminals, says Randy Vanderhoof, executive director of the EMV Migration Forum.
"We can get cards into the market, and we can get terminals installed in the stores, but the part that's the most difficult is getting the software on those terminals through the very complex, costly and time-consuming testing and certification process," he says.
Another challenge is "getting all of the various third parties that are involved in this payments ecosystem ... aligned and under the common EMV processing standards. Getting them all working together is proving to be a very complex task," Vanderhoof adds.
In an interview with Information Security Media Group, Vanderhoof says that 2014 will be a pivotal year for the U.S.'s migration from magnetic-stripe payments technology toward chip-enabled payments that conform to the Europay, MasterCard, Visa standard, better known as EMV.
By the end of this year, Vanderhoof predicts that the U.S. will have approximately 120 million EMV cards, out of a total of 1.2 billion debit and credit cards, in circulation, and 4.5 million EMV-enabled payments terminals installed, out of a total of 12 million POS terminals in place at merchants.
The massive retail breaches that came to light earlier this year are helping build momentum for EMV, Vanderhoof says. "EMV won't prevent breaches, but it does devalue the data," he explains. "So even if attackers get in, the data they may steal would not be something that could be converted and used for fraud."
Chip cards using the EMV standard contain an embedded microprocessor that stores and processes encrypted information, ultimately devaluing that data so that it is difficult to copy or counterfeit.
The EMV Migration Forum is a cross-industry group that helps merchants and banking institutions successfully complete their adoption of EMV technology by October 2015 - the liability shift date set by the card brands for fraud that results from face-to-face magnetic-stripe payments.
Until October 2015, banking institutions, as card issuers, must ensure that consumers affected by fraudulent card transactions are reimbursed. After the EMV liability shift date, if fraud results from the compromise of a mag-stripe card transaction, the merchant will be held liable if it is not equipped to accept chip-card transactions that conform to EMV.
A majority of top-tier U.S. merchants and card issuers are on target to have their migrations completed by the October 2015 target date, Vanderhoof says.
Credit Overshadows Debit
So far, EMV credit-card issuance has overshadowed EMV debit-card issuance, Vanderhoof says. That's because debit has faced payments-processing challenges - some of which relate to merchant processing options mandated by the Durbin Amendment to the Dodd-Frank Wall Street Reform and Consumer Protection Act (see Court Ruling: A Fraud Prevention Boost?).
Now that specifications for debit processing are being worked out, Vanderhoof says the market should see an uptick in EMV debit issuance and acceptance by the end of this year.
During this interview, Vanderhoof discusses:
- The short-term challenges dual EMV and mag-stripe payments will pose for merchants and issuers;
- How mobile payments could impact the EMV migration; and
- Why big investments in consumer education regarding the transition from the mag-stripe to the chip will be a necessity.
Vanderhoof is the executive director of the Smart Card Alliance, a not-for-profit, multi-industry association of more than 180 member firms working to accelerate the widespread acceptance of smart card technology in North America and Latin America. He has directed the transformation of the organization from primarily a networking organization into a diverse, education-oriented, international, multi-industry group that helps stimulate the adoption of all forms of smart cards for electronic payments and digital security applications.