In the past few months the already-hot payments industry has been put in an unfavorable spotlight. Because of the magnitude of the recent data breaches at several major retailers the payments industry has been forced to take a more serious look at updating antiquated card technology. The push for EMV is going full tilt, but much like any breaking news, when it first creates headlines there is more to the story than meets the eye.
I offer this comparison. When Edward Snowden started disclosing information about the dragnet data collection policies of the NSA, the public was not fully informed of his rationale for doing so and were wary of his tactics. Over time, with more coverage circulating across media outlets, Americans began to see that there was more to Snowden’s disclosure than espionage at the hands of a traitor. While controversy remains over whether his actions were justified, a tipping point was reached that pushed for positive changes in privacy laws.
The movement toward adopting EMV is running down a similar vein. Following the Target breach, the general public was made aware that the rest of the world utilizes EMV chip-enabled cards that are more secure than the current mag-stripe cards issued in the United States. This knowledge led to an assumption that EMV would have prevented the breach and left many Americans wondering why our country hasn’t adopted a more secure card system. Eventually we learned that a third party vendor was responsible for the data compromises and that fraud prevention isn’t solely about the type of technology in our cards. Even though EMV wouldn’t have prevented the breach, with awareness comes heightened expectations and momentum to change.
Changes in payment methods have traditionally moved at a snail’s pace, but today, that rate of change is quickening as the severity of fraud breaches rises and the liability for fraudulent charges is shifting. New regulations go into effect in October of 2015 that will place financial liability for card-present losses on the party that hasn’t invested in EMV. For example, if VISA switches to EMV cards and a merchant decides to keep their old systems, the merchant will be responsible for fraudulent charges. On the flip side, if a financial institution is still issuing mag-stripe cards but a merchant has a new terminal that accepts EMV technology, then the FI is on the hook.
While the need for more secure card technology is clear, should we simply accept that EMV is better and therefore the change that our payments industry needs to embrace? EMV has its vulnerabilities—card-not-present transactions, vendor security issues and insider fraud, to name a few. It may not make sense to spend more than $8 billion (the current industry estimate) to upgrade America’s payments infrastructure to accept chip and token EMV cards when there are innovative technologies being introduced that work within our current technology infrastructure. Implementing a decades old technology with little room for adaptation seems like a misstep that should be carefully weighed against the new alternatives.
Here are some of the options that don’t require any infrastructure changes:
PayPal’s Payment Code is a payment app that feeds customers a unique QR code or four digit pin (depending on whether a merchant has a barcode scanner or a pin pad) to complete their transactions securely. Loop Wallet employs the use of a small, encrypted keychain fob that a consumer loads all of their loyalty, gift and payment cards onto. When a consumer is ready to pay, they simply hold the fob up to existing mag-stripe POS systems and a magnetic induction loop delivers the payment information via Magnetic Secure Transmission. Dynamics Inc. has developed a credit card that has a dynamic code that changes with every transaction when consumers key in their personal pin. The actual card contains no codes, numbers, or data on the stripe. This technology makes it impossible to skim information and if the card is stolen, it is worthless.
Alternative payment methods not only seem like a promising way to minimize fraud during the time it will take to implement EMV, but perhaps they could replace the switch all-together. The American public is at a point when they are aware of emerging payment innovations, but are wary of their security and ease-of-use. It is up to payment companies to aggressively market the merits of their products, and the downfalls of EMV-enabled cards. This marketing challenge is considerable, but not impossible, as Snowden has showed us. An increasing number of transactions are already taking place via mobile and online channels. The movement has begun. Are we inching toward the tipping point?
Please share your comments regarding whether EMV is the right path for the United States considering where payment innovations are heading.