About three months ago, ATM Marketplace ran an article asking whether ATM operators should "just say no" to EMV. As of this week, MasterCard has rendered the question moot with its announcement that in 2016, the ATM industry would join the retail world in a liability shift for fraudulent transactions.
There's no saying "no" anymore. At one time, it might have seemed practical to refuse the infinitesimal profits from Maestro transactions when that network's previously announced liability shift took effect. But turn down income from a card that represents one-third of all plastic, and almost half a trillion dollars in purchase volume annually? Not likely.
Of course, most of the industry has always assumed that EMV was inevitable — the number of EMV committees and councils and working groups and white papers dotting the ATM landscape demonstrate that fact. But now it's not just inevitable; it's inescapable. And it's more important than ever to understand the status of all the moving parts in an EMV shift.
When the word from MasterCard came down on Monday, ATM Marketplace was already working on an update on the progress of EMV readiness in the ATM industry. For a benchmark, we turned to Triton, whose VP of marketing and sales, James Phillips, and VP of international sales (and veteran of the Canadian migration to EMV), Shaun King provided information for the previous overview of EMV. The company drew on the knowledge and experience of a number internal departments — including engineering, sales and marketing — for written responses that offer a current snapshot of America's progress toward EMV migration.
ATM: Does the industry now have a clear implementation standard from EMVCo?
Story continues below...
Triton: There is a "standard" for EMV as determined by EMVCo, however, each country where EMV has been implemented has made changes to screen flows, wording, etc. EMV as implemented in the United Kingdom on Triton ATMs is not exactly the same as implementation in Canada on Triton ATMs. There have been modifications that have required Level I and Level II changes.
ATM: What are you hearing from acquirer/processors about their progress in modifying and certifying their systems for EMV compliance? Have the card companies been providing assistance and/or coordination?
Triton: In our discussions with many of the processors we are finding that most are eager to certify EMV on their platforms. The holdup to date has been the uncertainty with which version of EMV to certify. No one wants to incur the expense associated with certifying a new transaction format, especially one as important as chip and pin, without knowing exactly what it is they need to certify.
ATM: What are manufacturers doing to prepare for EMV?
Triton: Each manufacturer is likely going to approach adding EMV to their platforms a little differently. Triton already has ATMs deployed in several other countries that are running EMV transactions, and has had an EMVCo approved Level 2 kernel since 2004.
For the U.S., we are moving forward with implementing the same standard we currently utilize in the Canadian market for any acquirer/processor who wants to get a jump on certifying the standards associated with EMV. We are also participating on various committees that are discussing EMV in the U.S. so that we can make modifications if necessary.
ATM: Has your experience with the Canadian migration to EMV been helpful in this U.S. effort?
Triton: Yes. The Canadian migration uses the most current iteration of the EMV standard, and it would make the most sense for the U.S. to adopt the same standard that our friends from the North have already implemented. It is for this reason that we have moved forward with developing our EMV platform for the U.S. based on the Canadian implementation, which is the same standard being implemented in Mexico and Australia. We are expecting to have EMV card readers and software ready for use on our ATMs in the U.S. later this year.
ATM: There has been some question about who would be liable for transactions made with counterfeit cards created with data skimmed at an ATM. Has this issue been clarified yet?
Triton: This is another area that seems to be very cloudy. What we found in Canada is that the owner of the ATM was ultimately responsible. However, if it is a small mom and pop type of establishment, and they were hit with a very large fraud claim that they were unable to pay, then responsibility began to run up the chain towards the processor/acquirer. For that reason, the processors were taking a very hard stance that units be upgraded to support EMV cards, or they were shut down from the host. They were not going to take a chance on a fraud claim.
For more on this topic, visit the EMV research center.