Tech Bytes: Three EMV Issues That Remain Unresolved

As of Oct. 1, retailers who do not comply with the Europay, Mastercard, Visa (EMV) security standard that relies on embedded chips in payment cards face a shift in card fraud liability. Many EMV issues have not yet been resolved. Here are three big ones:



Swipe left out

Retailers have been warned repeatedly that if they do not implement EMV-compliant POS terminals, they will bear liability for any fraud resulting from an EMV card transaction.



But there is a second concern about non-compliance that has gotten little attention. Will retailers who fail to upgrade their POS systems eventually become unable to process credit and debit card transactions altogether?



The first generation of EMV-compliant payment cards is mostly being issued with data also available for acceptance by traditional card swipe terminals. At some point in the maybe not-too-distant future, this will no longer be the case. Retailers who don’t comply with EMV would presumably lose the ability to accept card-based payments.



For independent, local and regional retailers, this is a serious issue. EMV compliance is a time- and money-intensive proposition. Even merchants who may be too small or specialized to run much risk of being targeted by fraudsters need to plan for the day swipe readers no longer work.



Everybody’s online

EMV-compliant payment cards are much safer in the store. But they don’t do anything to deter online fraud. That is why studies show in other developed nations that have already switched to the EMV standard, online fraud rates as much as doubled in the following years.



As common as e-commerce fraud already is, it would be much more common if in-store fraud weren’t so darned simple to pull off. That scenario is about to happen. The dramatic increase in online retail fraud may not happen overnight, but assuredly will happen.



Regardless of whether they plan to comply with EMV, any retailer with online operations (including pure-plays) needs to start beefing up online security now, if they haven’t already.



Sign up for security

Everyone agrees that storing consumer financial data in an embedded chip is much safer than storing it on a magnetic stripe. There is much less agreement on whether having consumers authenticate their identity with a unique PIN number is safer than doing so with a signature.



Advocates of PIN authentication, which is the generally used global standard, say it guards against the misuse of stolen or lost cards much more strongly than signature. Most retailers back the use of PIN authentication. Advocates of signature authentication, who include most banks and card issuers, say consumers will have too hard a time remembering different PINs and signature is a valid form of identification.



So far, most EMV-compliant cards in the U.S. are being issued with signature verification, meaning at least for now chip and signature is the de facto standard here. Will there be a rash of payment fraud involving stolen and lost chip-based cards?



If so, will retailers balk at shouldering the costs? Will banks and issuers bend to the will of retailers and start issuing PIN cards?



Time will resolve these and all other issues surrounding EMV. The one thing retailers can be sure of is that Oct. 1 marks the beginning of an era, not the end.