Insights from an Industry Expert
In June 2014, Lynn Larson, Recharged Education, had the opportunity to discuss the ins and outs of EMV with Jack Jania, Senior Vice President, Strategic Alliances, Gemalto Inc., a world leader in digital security. Following is a synopsis of EMV insights that Lynn gleaned from their conversation. For a summary of this content, see the related blog post.
What is EMV?
EMV (stands for Europay, MasterCard, Visa) refers to security technology that is incorporated into cards with a smart chip.
What EMV Does and Does Not Do
EMV cards reduce cross-border fraud, point-of-sale (POS) fraud and card cloning. EMV does not shut down all fraud channels, such as online fraud, and it does not encrypt all transaction data. Because POS transactions far outnumber online transactions, the industry has been focusing its security efforts on the POS side first. Separate solutions—outside the realm of EMV—are being developed to help curtail online fraud. For example, a PIN pad with a one-time password solution for the buyer would add another level of authentication for an online purchase.
EMV Migration in the United States
October 1, 2015, is the target date for converting to EMV in the United States, which has been behind other developed countries in this regard. As an incentive for issuers and merchants, there will be a liability shift at that time. If a POS terminal accepts EMV cards, but the card used for a purchase only has a magnetic stripe (“mag stripe”), then the card issuer is liable for any fraud. Conversely, if an EMV card is used at a non-EMV POS terminal, then the merchant is liable. For online and card-not-present (CNP) purchases, the merchant will continue to be liable for fraud.
Who Incurs the Cost of Moving to EMV?
Issuers incur the costs related to providing customers with new EMV cards. Merchants incur the costs of upgrading their POS technology to accommodate EMV cards.
EMV and Commercial Card Programs
International business travelers originally drove many issuers to offer EMV cards to Commercial Card clients. Outside the United States, EMV-enabled POS terminals have been the norm, making it more difficult for travelers who only carried a mag stripe card. Now the October 1, 2015, target is the driver for replacing all mag stripe only cards with EMV cards.
Will End-User Organizations Notice Any Differences?
Because of the added chip, the card will look a bit different, but some cardholders might not even notice.
For online transactions, which comprise the majority of P-Card transactions, the process will be the same. A cardholder would enter their card number, expiration, CVV, etc.
For in-person transactions, an EMV card could have a PIN assigned to it, which a cardholder would need to provide at the POS. This will depend on the card issuer risk strategy. MasterCard is an advocate of chip-and-PIN, while Visa leans toward chip-and-signature (see related blog post on EMV options). If you manage a card program, you might be concerned about cardholders forgetting their PIN and the limitations of the current U.S. ATM infrastructure to manage card PINs in the field, but Jack Jania pointed out to Lynn Larson that, as consumers, people generally remember their PIN for a personal card.
The bigger learning curve might be what the cardholder must do with the card at the POS. There is no swiping action by cardholders, which keeps the card in their possession; rather, cardholders must insert their card into the POS terminal—a “hands off” action. Cardholders might forget their card at the POS.