2015 Visa Payment Technology Provider Forum Takeaways
Last week I attended the 2015 Visa Payment Security Symposium held in San Francisco, which is where Visa has its headquarters. The intent of the Symposium was to provide an update on the progress of the EMV liability shift that becomes effective October 1, 2015 and how that will impact retailers. Here are some of the key metrics presented:
- As of July 2015, U.S. banks have issued 117 million EMV cards, which is 28% of total cards
- Of that total, 78 million cards are credit and 39 million cards are debit
- Visa estimates that 250,000 merchants have been EMV enabled, which represents about 5% of the U.S. merchant base
- Of these merchants, only a few hundred terminals have been able to support EMV PIN debit
Takeaway: Card companies have been doing a good job swapping out existing non-chip credit/debit cards with new Smart Cards with embedded computer chips, but US merchants/retailers are struggling to upgrade their in-store systems to become EMV ready.
How U.S. Adoption Compares to Other Markets
Several speakers tried to compare the pace of adoption of EMV in the U.S. to other countries that have mandated EMV processing solution.
- Canada instituted a similar EMV deadline in March 2011, but required chip and pin out of the gate.
- Adoption was significantly slower than anticipated, particularly the first year.
- Four years later, its estimated that 20 percent of retailers in Canada still do not have chip and pin processing solutions.
Australia instituted a similar EMV deadline with similar adoption rates.
Takeaway: Based on historical experience in other countries, we should not expect a ‘big bang’ on October 1st. While some types of merchants will be targeted (electronics and bikes) most non-EMV merchants will not see much of a difference right after October 1st.
The Bad Guys Will Drive Adoption of EMV Chip and Pin
Chester Richie, a senior executive at WorldPay, pointed out that the fraudsters will find the weakest link in the payments value chain to exploit. As EMV Chip and Pin rolls out, criminals will recognize which retailers will not have chip and pin and exploit that weakness. This will help increase the rate of adoption. As an example, following adoption of ‘chip and pin’ in Canada, card fraud began dropping in Canada as criminals shifted focus to lesser protected U.S. retailers. Chester Richie pointed out that the same thing happened in Europe. While large retailers have the resources to upgrade their ERP/retail management systems, smaller retailers with POS systems will be challenged to protect themselves.
Takeaway: Small merchants with legacy payment terminals and POS systems will absorb a disproportionate share of credit card fraud post October 1st.
Processors Are Holding Up Adoption
Adoption is being led by the large retailers that have dedicated IT staffs (Walmart, Home Depot and Target) while smaller merchants with integrated POS-payment solutions are lagging.
There were several reasons for this:
- The payment processors have been very late in putting out EMV specs and getting ready for EMV testing – as processors are required to certify both their network and the specific payment terminal.
- The processors have focused their resources first on their large retailers which have more resources and processing volume.
- Integrated payments/POS solutions, which are much more prevalent in the U.S. than any other country, are slow to convert to EMV.
- The processors were just not able to handle all of the necessary testing in a quick enough time frame.
Takeaway: Given the factors above, integration between POS and EMV for most retailers will be 2016, not 2015.
EMV is OK, but Encryption is Great
Encryption can be more powerful than EMV for preventing fraud and theft. Two interesting facts support this. Most of the world did not have encryption in place prior to EMV so EMV was sort of the first real attempt to counter fraud and theft in most places. The large breaches that have occurred in the U.S. in recent years (e.g. Target, Home Depot, Neiman Marcus, etc.) were all cases where the merchants did not have encryption in place. Visa highly recommends the triple play in fighting fraud and theft: EMV, encryption, and tokenization.
Takeaway: Encrypting card data at the swipe is a great compliment to EMV.
What We are Doing at MicroBiz POS
MicroBiz POS is offering EMV-compatible integrated processing using a variety of terminals from Ingenico, Pax and Dejavoo through a payment middleware fabric. Our middleware fabric and supported terminals enable us to connect with virtually all majors U.S. and Canadian payment processors. Our EMV solution supports ApplePay and other mobile wallets and also offers end-to-end encryption.