Regular readers of this blog will know that I have been writing about eating the US EMV elephant for some time. Yesterday’s announcement from Visa may just be the big push the US market needs for it to finally migrate to EMV.
Visa’s roadmap includes ‘carrot and stick’ elements in its drive to accelerate EMV adoption in the US. Merchants will soon have an incentive to install chip-enabled terminals: When 75 per cent of a merchant’s transactions originate from chip terminals, that merchant will no longer have to go through the troublesome process of annually validating their compliance with the PCI DSS standard. The twist for the US is that the terminals must be both contact and contactless chip enabled, while a similar programme in the rest of the world requires only at minimum that the terminals accept contact chip transactions.
There will also be a shift in the liability for counterfeit fraud. At present, point-of-sale counterfeit fraud is absorbed by card issuers. Under Visa’s new plan, if a transaction using a counterfeit card is carried out at a merchant without a chip-enabled terminal, liability will lie with the merchant acquirer. This liability shift has already occurred everywhere except in the US. In addition, Visa is requiring the US infrastructure to be upgraded to support EMV.
Visa’s programme was already introduced to the rest of the world earlier this year. At that time, Visa did not think the US payments market was ready for EMV. Now Visa apparently thinks it is.
This is a positive move for payments security. Chip technology uses dynamic authentication which makes stolen card data far harder for criminals to exploit. Chip cards cannot be cloned, and creating cloned mag-stripe cards from stolen mag-stripe data becomes unattractive to criminals if most US POS do EMV transactions.
This is also good news for the rest of the world. Criminals can currently steal payment card data in one country and then create cloned mag-stripe cards which can be used in the US. Visa’s plan will reduce the incidence of this ruse.
While some US merchants like Walmart have already taken the bold move to go it alone and invest in EMV terminals and infrastructure, the rest have had no clear vision from the card schemes on whether to invest in EMV to improve security. Well, now they have.