August 24, 2016
Lack of EMV Preparedness an Opportunity for CNP Merchants
Oct. 1, 2015
The day the payments industry has pointed to for several years, and the day card-not-present merchants have been conditioned to fear, has arrived. As of today, the liability for fraud carried out in physical stores with counterfeit cards belongs to the merchant if it has not yet upgraded its POS system to accept EMV-enabled chip cards. According to one group representing large merchants, the migration to EMV is the "costliest event in the history of U.S. payments, which is already the most expensive payment system in the world." As has become evident over the past few months, however, today is closer to the beginning of the process than the end.
A recent survey highlighted the fact that, despite the very large stick represented by the liability shift, less than a third of merchants overall have invested in EMV-compliant technology (exposing them to liability for counterfeit card fraud). And, if you exclude large merchants, preparedness is even worse. One study said 80 percent of small and midsize merchants have not upgraded their systems as of today’s liability shift.
Issuers are claiming to be more prepared than merchants, but that isn’t clear. According to the Smart Card Alliance, around 200 million chip cards have been issued to U.S. cardholders. That, however, is less than 17 percent of the approximately 1.2 billion payment cards in circulation. What is clear is that today does not represent the end of the journey. The lack of preparedness at the physical point of sale, however, may be a boon for card-not-present merchants
Over the past few months, the mainstream media has awoken to the fact that implementing EMV does not mean fraud will disappear. In other countries that implemented the EMV standard, in fact, fraudsters quickly adapted to the difficulty of counterfeiting cards by attacking CNP channels, where a chip has no effect.
"In other markets, fraud migrated quite rapidly to card-not-present channels," said Deborah Baxley, principal, cards & payments at Capgemini Financial Services. "For example, in the U.K. and Canada, CNP fraud increased ten basis points in a year, and kept increasing. It is incumbent on e-commerce merchants to protect themselves with an array of tools, including authentication methods like device authentication, one-time passwords, randomized PIN pad, biometrics, and fraud mitigation tools like data analytics, address verification and CVV verification, 3D secure and tokenization. These services should be available from their merchant acquirer processor or gateway."
But, the initial explosion experienced in other markets shortly after their liability shifts could be delayed in the U.S. Merchants’ overall relative lack of preparedness for EMV may give e-commerce and mobile merchants time they didn’t think they would have to explore the options Baxley outlined.