You might agree with EMV detractors, but what really matters is that MasterCard and Visa have decided that it has value in combatting fraud at the ATM.
June 19, 2014
by Daryl Cornell, CEO
Triton Systems
For argument's sake, let’s just all agree with the detractors — EMV bites. It’s an expensive, aging technology, allegedly full of holes. It is not a magic bullet that will stop all card fraud. In fact, EMV doesn’t do anything to stop “card not present” fraud.
There are probably better technologies available right now, using end-to-end encryption and tokenization to tie in mobile payment technology, eliminating the physical card and using biometrics to kill the loathsome password.
The problem is that none of this matters. The only thing that matters is that MasterCard and VISA have decided that EMV is of value in combatting fraud. They have also decreed that any participants in the payment chain who disagree and who fail to upgrade will begin paying their share of the $1 billion (and growing) cost of U.S. card fraud annually — beginning in only 16 months.
If you are MasterCard or VISA, giving issuers, processors, ISOs and merchants 5+ years to upgrade to EMV seems perfectly reasonable. If you are an ISO or a merchant, the threat of liability shift without an expensive upgrade and with no apparent business case smacks of extortion. So, in the absence of an Interac (Canada) or LINK (U.K.) to resolve this dispute in the U.S., what is an ISO or merchant to do?
Ignore the mandate and hope. This approach seems to be predominant today. Why be the first ISO or merchant to embark on an expensive upgrade program when so much remains up in the air? Durban, routing complications, a dearth of EMV cards, a history of empty PCI and ADA mandates, and cash flow constraints would all seem to be conspiring against the early movers.
However, one little-publicized fact is that MasterCard is currently blocking cross-border ATM transactions on nearly 75 percent of U.S. retail ATMs. Post-liability shift, this block will reportedly be removed, exposing 100 percent of non-EMV ATMs to international card fraud. Once the first highly publicized, six-figure liability shift claims hit, the rush to upgrade to EMV will likely run headlong into severe field service and hardware constraints.
Refuse to pay liability shift claims and sue if necessary. The mechanics of liability shift in the U.S. remain murky. Assuming that issuers and processors are EMV ready, how will the card schemes collect six-figure fraud claims from ISOs and merchants? Will processors be enlisted to help collect? Will settlement funds be withheld? Will non-EMV terminals be shut off as we saw in Canada? Will litigious ISOs be summarily dropped? How will the courts rule on the subsequent claims and counterclaims? Liability shift promises to be messy business for the foreseeable future, with only the lawyers salivating in anticipation.
Lobby Congress for relief from these onerous demands. Unfortunately, the vast majority of the general public and Congress are only aware of the EMV debate as a result of the recent Target breach, which exposed 40 million-plus constituents to potential debit and credit pain and highlighted the U.S. as one of the lone EMV holdouts. In addition, more than 12 million POS devices will be at some stage of upgrade before the first ATM liability shift occurs in 2016. Gas pump EMV upgrades are scheduled to follow in 2017. How much sympathy, really, should the retail ISO community and its 300,000 ATMs expect to receive from Congress? Unfortunately, Washington lobbying efforts to exempt ATMs from liability shift and EMV upgrade would appear to be futile at this point.
The bottom line is that EMV is an imperfect solution being imposed by the card schemes. ISOs and merchants face a number of options in response. However, current arguments about the imperfections of EMV miss the point completely:
EMV is all about the economics of who pays for card fraud.
This article has been republished from the Triton blog, atmAToM, with kind permission from Triton.