It Is Possible for Merchants to Accelerate Chip Card Acceptance

Despite some early success, it can’t be ignored that there are still many merchants that cannot accept EMV chip cards.

That’s not because they haven’t started their migration, but because the payments applications developed by their VAR, ISO and ISV partners or themselves have not yet been certified.

Now, merchants are starting to see their chargebacks mount—chargebacks for card-present transactions increased 50% following the liability shift. While not all chargebacks are due to the chip card migration, it has become a significant point of motivation for merchants in trying to accelerate their chip card acceptance programs.

With this surge of organizations now trying to get through the testing and certification process, they have overwhelmed the industry’s resources and created a certification backlog. But this isn’t the only reason for the backlog— we’re also seeing that when many merchants finally get to the front of the certification “rush hour” line their application fails to pass certification.

This not only frustrates the merchant and delays their plans of chip card acceptance, it also compounds the traffic jam and makes the backlog problem worse. When an organization fails the certification test, acquirers and other certifying entities need to spend more time with them to identify why they failed and assist them in resolving the problem. Eventually, the certification has to be resubmitted, further stressing the capacity.

The good news is, there is something merchants can do to not only make their trip through the certification backlog more successful, but make it successful the first time: pre-certify.

Pre-certification ensures that when a merchant gets to the front of the queue they will get certified. This one, simple step streamlines the certification process, therefore reducing and potentially eliminating the backlog.

To break the cycle of certification frustration, merchants should follow these proven and basic pre-certification procedures:  Isolate sales functions from chip card payment processing by using a “semi-integrated” payment solution architecture for reduced complexity; consider plug-and-play chip card terminal applications to reduce development time and the qualification and certification overload; pre-test implementation to minimize certification testing issues;  and use a brand-approved testing platform to help achieve certification. Merchants should also consult with an EMV certification specialist to ensure successful certification

While the certification process is seemingly daunting, it’s important to acknowledge the importance of the migration to EMV chip payments. The transition is modernizing the U.S. payments ecosystem to align with the global common standard for payments, and opens the door to new opportunities to support future evolutions that are interoperable with the rest of the world.

Following these best practices can help organizations shorten their implementation cycle, get their EMV chip card payment acceptance into the market more quickly, and ensure that when they get to the front of the certification queue they will get approval.

Merchants Will Be Cool to the Networks’ Faster EMV Alternatives

Merchants and cardholders alike have been challenged by the perceived additional time to complete the EMV transaction. These concerns pushed both Visa and MasterCard to create a response to improve the speed of transacting: Visa’s Quick Chip and MasterCard’s M/Chip Fast.

The idea behind these efforts is that instead of keeping the card inserted in the POS terminal until completion of the transaction, the cardholder will be able to insert and quickly remove the card, similar to swiping in the old mag stripe environment. New software, downloaded by the merchant, will process the authorization/final transaction amount without affecting other EMV functionalities like automatic transactional counters.

But will it really speed up checkout time?

Both Visa and MasterCard say the Quick Chip and M/Chip Fast, respectively, allow cardholders to remove their card prior to final authorization of the transaction. However, it is too soon to tell whether merchants will let the consumer out of the store before the authorization comes back with an approval or denial of the transaction. It seems unlikely most merchants will be willing to take that chance.

The new card network options do not require the financial institution to reissue cards, and merchants do not have to re-certify their point-of-sale terminals. Visa and MasterCard are in the market ahead of American Express and Discover. However, we should expect these two issuers to follow suit as the environment moves in this direction over the next few months.

Alignment in the payments industry is important. We are beginning to see this more and more with the coordination of the EMV liability shifts and alerts notification requirement among all of the issuers.

The end game, as an issuer or cardholder, is to have a card that provides consumers with the ability to process a secure transaction in a timely manner. Players need to stay attuned to actions these card brands may take while tracking how merchants are integrating the new software. Keeping current on new opportunities like Quick Chip and M/Chip Fast or the discussion around other EMV developments is the smart move.

Nearly 40% of U.S. Visa Credit and Debit Cards Now Have an EMV Chip

Nearly 283 million Visa-branded credit and debit cards issued by U.S. financial institutions now have an EMV chip, Visa Inc. reports. In addition, some 1.1 million U.S. merchant locations that accept Visa cards now take chip cards.

In the latest of the payment card networks’ updates on the U.S. chip card conversion that officially began last October, Stephanie Ericksen, Visa’s vice president of global risk products, tells Digital Transactions News tells that some 282.9 million Visa cards had a chip as of April 20—145.7 million debit cards and 137.2 million credit cards.

Chip cards now account for 39% of Visa’s approximately 725 million U.S. cards in issue, or 50% of all credit cards and 33% of debit cards, according to Ericksen.

Credit cards had an early lead in the EMV conversion, but debit cards surpassed them in Visa’s report for March. Now debit’s lead is widening, which is no surprise given that debit cards account for about 59% of all Visa cards. “So now debit is really starting to catch up and surpass credit in the market,” says Ericksen.

On the acceptance side, Ericksen says 20,000 to 25,000 new merchant locations are taking chip cards. The tally is now 1.1 million locations, or 24% of the Visa merchant base, and up 10% from 1 million at the end of March.

Visa’s merchant figure is lower than the 1.4 million recently reported by MasterCard Inc., but since the Visa and MasterCard merchant bases in the U.S. are virtually identical, Ericksen attributes the discrepancy to differences in the networks’ data-collection methodologies. Visa counts as an EMV-accepting merchant one that has generated at least one Visa chip card transaction within the preceding month.

While a number of big retail chains are taking chip cards, small and mid-sized merchants are generating three-quarters of Visa’s EMV transactions. In part, that’s because smaller retailers have less complex tasks in retrofitting their points of sale for chip cards, or are buying new systems, including those from mobile-based processors, where EMV chip acceptance is standard, Ericksen says. “The small and medium-sized businesses are continuing to upgrade.”

Chip cards also are beginning to have their desired effect in reducing counterfeit fraud, according to Visa. Dollar losses from counterfeit fraud at merchants accepting Visa chip cards were down 26% in January from January 2015, according to Ericksen. “There’s some merchants that have had even more significant decreases,” she says, adding that 15 of the 25 merchants with the most counterfeit fraud losses now can accept chip cards.

The network liability shifts that took effect last October assign financial responsibility for counterfeit fraud to the merchant or card issuer involved in a point-of-sale purchase that did not support EMV. In its latest EMV report, MasterCard said counterfeit fraud at a group of large EMV merchants fell 39% from January 2015 to January of this year.

The POS liability shifts are causing fraudsters to shift their attention to the vulnerable card-not-present channel. Visa did not have recent CNP fraud figures available Monday.

Retailers Need to Prep for High-Tech Card Chips and Digitized Shopping

This past decade brought us the iPhone, the maturation of the Internet of Things and the ability to pay with a dip, a tap, a text and a blink. We saw social platforms launch, unify the globe and then surpass 1.5 billion users, more than the population of the biggest country on earth.

These innovations and many others have transformed how we live, how we interact and, of course, how we shop.

On the heels of such change and technological disruption, we note six important trends that retailers, large and small, should embrace to find new customers, drive more sales and win the hearts of their most loyal customers.

Customizing for the Consumer. People are hungry for a personalized shopping experience; roughly half of shoppers we recently surveyed say their top frustration is retailers not knowing what they want. Retailers who can articulate to their customers that they have the right product, at the right time, for their needs will win. Enriched customer data provides retailers with the insights to enter a new era – The Personalization of Retail. Retailers who focus on the “micro-moments” of the buying decision-making, leveraging insights from loyalty programs, marketing engagement and enhanced analytics, will stay relevant and ultimately drive sales. Up next is a more curated digital experience with highly relevant, personalized product recommendations and promotions.

Digitizing the In-Store Experience. With 62% of shoppers saying they do more research online than in the past and the average grocery store carrying upwards of 42,000 products, it’s likely that customers know more than sales people about any one item. Enter the new technology-enabled retail environment that frees sales personnel to be concierges instead of hard-push spend drivers. Think of it as The Apple Store approach at scale. The growth of beacon technology, for example, lets retailers engage with consumers in a real time, relevant way that enhances their overall experience. Equally important is focusing on fewer, key efforts and creating a top-notch overall omni-shopping experience.

The Socialization of Shopping.  Nearly 80% of consumer purchases are now informed by a device, giving the shopper near ubiquitous access to information, reviews, prices and offers. While friend and family recommendations are the most important to consumers – so say 83% of respondents to a recent Nielsen survey – two-thirds of consumers say they also trust third-party reviews posted online. We anticipate savvy retailers will expand their digital presence via direct sales with buy buttons; savvy P2P product education; and “real life” product descriptions, driving genuine reviews and incenting sharing.

The Internet of Things Continues to Rev Up.Appliances, wearables, cars, light bulbs and gadgets of all types are becoming connected. Up to 10 billion devices today, and 50 billion by 2020. In a world where connectivity is a given, convenience will be table stakes. The connected consumer, challenged with shrinking personal time and increasing demands on it, is looking for technologies that are convenient, accessible and secure. We anticipate more launches like shopping apps that let consumers order groceries from the refrigerator with a few simple taps. For the smart retailer, the true differentiators will be interconnectivity and seamlessness in the shopping experience as consumers seek out a family of products and services that work together to simplify and improve their lifestyle.

Digging Deeper with the Chip. Look for more features and functionality out of chip cards. While the U.S. is migrating to the technology, Europeans and others around the world already enjoy smart, interactive cards offering a variety of services, from multi-account access to multiple payment options to multi-currency cards.

Checking In with the Travel Economy.According to MasterCard SpendingPulse, 2015 saw record spending on airlines and lodging. Consumers are taking advantage of their vacation time to shop, looking to find their trusted and preferred brands and discovering new ones. This is happening within countries but also amplified across borders, particularly for categories like luxury. The threaded development of cities, travel and commerce can be a guiding force for new partnerships—and open new opportunities for retailers.

For discerning customers with nearly endless choice, the experience is a deciding factor. Retailers who understand that and take advantage of the latest trends will be poised to deliver the best possible experience—and gain the sale.

By Max Chion and Michael Cyr

Max Chion is executive vice president of global acceptance products and Michael Cyr is executive vice president of U.S. market development for MasterCard.

How Can Merchants Close the EMV-NFC Knowledge Gap?


One of the more perplexing elements of the slow, long-awaited march to EMV-chip cards in the U.S. is the lack of awareness that still pervades among merchants and consumers alike.

At the same time, mobile wallets such as Apple Pay have had no trouble becoming household names despite having fairly low adoption.

Three months past the U.S. EMV liability shift — the soft deadline set by the card networks for EMV adoption — Scott Holt, a vice president at Ingenico in North America, sees a chance to finally shift consumers away from their old payment methods. The twist is that it won’t be by consumers’ choice.

By the end of 2016, much of the U.S. retail market will be compliant with EMV and mobile wallets, Holt said. Consumers will have no choice but to abandon magnetic stripe payments, but when they do it will open up the opportunities to choose something other than EMV’s chip-and-dip process, he said. “People will have to learn a new experience with EMV anyway.”

The migration to both Near Field Communication-based wallets and EMV will place pressure on floor-level personnel at retailers to educate consumers on the new technologies. In particular, cashiers are the key to a smooth transition to new payments technology, as Beatta McInerney, a business development manager of payments for point of sale technology company ScanSource POS and Barcode, explains in recent column for PaymentsSource.

Retailers must train cashiers to spot if a consumer has an EMV chip even if the merchant is not accepting EMV cards at this point, McInerney said. This gives retailers an opportunity to teach the process at a more measured pace.

“Consumer experience is largely dependent on the education of retailers,” Holt said, adding that includes the skills to recognize and help consumers who are confused about how the new terminals work. Placing the right prompts into point of sale software is also important, he said.

The delays aside, Ingenico reports the EMV migration in the U.S. is progressing similar to other countries, adding it’s tracking the migration to tailor the education it will provide to merchants over the course of the next year.

“The incentive to provide customer service is clear,” said Rick Oglesby, a senior analyst and consultant for Double Diamond Payments Research. “However, the incentive to provide customer service is very different from the incentive to promote, so assuming that NFC will take off once the front line staff are trained is a pipe dream.”

Non-NFC wallets have a better chance, despite relying on less sophisticated technology. “Merchants do have an incentive to promote non-NFC solutions that they own, such as the Starbucks app … which is why closed loop solutions have had more success than NFC to date,” Oglesby said.

Speed, Compliance and Encryption Can Combat Holiday Payments Fraud


Exciting growth opportunities exist for small and medium businesses taking advantage of the ever-increasing holiday shopping season. However, amidst this positive backdrop, lurks the negative threat posed by hackers and cyber criminals that prey on holiday shoppers and businesses.

Small and medium businesses can’t ignore the fact that they’re, in many ways, an easier and more alluring target than big-box stores for a cyber attack. In fact, one study notes that one in five small and medium businesses will fall victim to a cyber criminal.

With the variety of payment options available to customers, the growth of mobile purchases, and the increased sophistication of cyber attacks, small and medium businesses must take extra precautions to ensure customer information is protected from all angles. Your customers need to know their personal and credit card information is safe when making a purchase from your business.

Here are eight payment security recommendations that all small and medium businesses should follow throughout this holiday season and beyond.

Be vigilant. Keep detailed records of all sales transactions, including the date, time, and names of employees involved in the sale. The contact information for the customer should also be recorded. Detailed notes will become invaluable if a data breach does occur.

Act fast.  In the event of a data breach, the key is to get to work right away to determine the cause of the breach and implement solutions. If you’ve taken detailed records, these notes will help you determine exactly when the breach occurred, allowing you to immediately take the necessary action to fix the situation and let affected customers know.

Communicate. A Bizrate Insights study from earlier this year found that the more than two-thirds of buyers worried about data security are more confident when making online purchases when a well-known trust symbol is visible. Tell your customers about the precautions your business is taking to protect their personal and credit card information. Communication, especially when it comes to data security, can go a long way to boost customer confidence.

Pay special attention to online orders. When a card isn’t present at the point of sale, such as during an over-the-phone or online transaction, they’re inherently riskier; thus, small and medium businesses should be even more aware of possible fraud. Be on the look-out if any of the following occur: the order is larger than normal; an order includes several of the same item; items are being shipped to an international address; transactions include similar account numbers; transactions are placed using multiple credit cards; multiple transactions are placed on one credit card during a short time period; sales are processed through the Deaf Relay System; cardholder asks for Wires or funds through a money transfer service, such as Western Union; or the sale seems “too good to be true.”

Train employees. Your employees are the eyes and ears of your business. Train them on your payment processing program so they’ll be able to detect when something doesn’t seem right. This will not only help prevent internal problems but also external threats. Consider having employees complete a payment checklist every time a purchase is made. The checklist should verify that address verification (AVS) is a match; confirm the 3-digit CVV security code; and ship to the AVS-verified cardholder billing address.

Don’t keep credit card information.  Storing credit card numbers at your business site or on your software is a breach waiting to happen. Don’t rely on data security to be completely safe. If you don’t store sensitive credit card data, you’ve already taken a major step toward lessening your fraud threat level.

Don’t slack on compliance.  Ensure your software is updated and that your businesses’ payment security programs are compliant with the Payment Card Industry (PCI) Security Standards Council. New PCI regulations came out earlier this year. To find out more about them, visit this PCI Security Standards Council site. Your software should also be certified by the Payment Application Data Security Standard (PA-DSS). And, don’t forget about EMV (Europay, MasterCard, and Visa) regulations, which went into effect on October 1. You can learn more about those in our Sage resource center.

Use end-to-end encryption. Keep sensitive information safe from hackers and cyber criminals with end-to-end encryption. Encryption is one of the best protectors small and medium businesses can use to keep importation information from getting into the wrong hands. This is especially important when sending sensitive information from one device to another as it can ensure the data is scrambled before transmission.

If you can’t implement these best practices before this holiday season comes to an end, make a point of focusing on payment security as one of your top business resolutions for 2016.

Paul Bridgewater is CEO of Sage Payment Solutions.

What’s in Your (Digital) Wallet? Chances Are, At Least One Proprietary Card

Ever since the launch of Apple Pay more than a year ago, mobile wallets have followed a pattern of recruiting financial institutions to enable their network-branded credit and debit cards to work in the wallet apps. But retailers are getting in on this action, as well, with their proprietary cards, and research released on Tuesday shows why.

Image Credit: Synchrony Financial

It turns out that store cards have stolen big chunks of store sales share in recent years, despite the Great Recession and a relatively weak recovery. At Kohl’s Corp. stores, for example, the proprietary card program accounts for fully 58% of sales, up from 44% in 2008. Recently, Kohl’s became the first retailer card issuer to complete a technical link to Apple Pay.

That’s the biggest store-card share among seven merchants examined by Ryan Douglas, senior consultant at First Annapolis Consulting, in “The Resiliency of Retail Credit Cards,” an article in the November issue of the Annapolis, Md.-based firm’s “Navigator” newsletter. Not too far behind are the store cards at Macy’s Inc., at 48% of sales, and Nordstrom Inc., at 42%. The Macy’s card program gained only 1 percentage point over the 7-year period, but Nordstrom’s cards picked up fully 13 points.

Other dramatic gains have been notched by Target Corp., whose RedCard debit and credit card program shot from 7% to 21% of sales, and Stein Mart Inc., where the proprietary program soared to 13% from less than 5%. At Target, the debit share alone now stands at 11.1%, but was negligible in 2008.

Another notable case is that of Best Buy Co. Inc. Its proprietary program now accounts for one-fifth of sales, up from 17% in 2008. The seven store card programs include private label, cobranded, and debit programs.

Not all proprietary card programs Douglas studied gained share, however. The Home Depot Inc.’s card program, for example, dropped from 29% of sales to 23%, he tells Digital Transactions News. “There’s no real silver bullet,” he says, to achieve growth. Kohl’s has done it through credit events, smooth sign-up in stores, and heavy-duty in-store advertising, while Target and Stein Mart have gained via revamped loyalty programs, Douglas says.

At the same time, store-card servicers like Synchrony Financial are also tying their systems to mobile wallets. Synchrony, whose major clients include J.C. Penney Inc., links to Apple Pay but is also working with Android Pay, Samsung Pay, and, not surprisingly, CurrentC, the wallet sponsored by the retailer-controlled Merchant Customer Exchange LLC. Best Buy is among 40 major retail brands that own MCX.

For now, Target’s RedCard is the only private-label option in CurrentC, but more are coming. “There’s tons of work under way to enable private label in that wallet,” Carol Juel, chief information officer at Synchrony, tells Digital Transactions News. “We learned a lot from the initial rollout of Apple Pay and we learned a lot from the launch of bank cards in the various wallets.”

Clearly, the growth merchants have wrung out of their store card programs makes them more attractive candidates for wallet sponsors like Apple Inc. But the retailers themselves stand to rack up even more gains by making their cards accessible via widely promoted mobile apps.

“As retailers and issuers look for growth opportunities and respond to changing consumer behaviors, they are investing in areas such as mobile wallets/payment solutions,” says Douglas in the article.

For both wallet providers and stores, it doesn’t hurt that store cards are typically held by retailers’ most loyal customers. “Retail credit programs are quite resilient—higher APRs are able to absorb economic shocks and mature programs tend to have a solid base of seasoned cardholders that are quite loyal to the brand and use the product to compartmentalize their spend,” Douglas writes.

Still, while wallets may make sense for some retailers, merchants are far from acting in unison, or with undue speed, on the matter. Many just don’t see a big first-mover advantage, Douglas says. “The fast-follower approach is where a lot of these retailers are playing,” he adds.

And a few have developed a proprietary wallet. Neiman Marcus Group’s wallet, for example, went live in February. “They would rather that the customer use their own wallet,” aays Douglas. “They’re thinking, we can get better access to customer data.”


Black Friday Continues As an Online Hit, But Thanksgiving Not Far Behind

Holiday shoppers took advantage of online deals on Thanksgiving and Black Friday, the day after Thanksgiving, ringing up $2.8 billion in sales for retailers, according to research firm comScore Inc.

Online sales on Thanksgiving topped $1.1 billion, a 9% increase from $1 billion in 2014.Black Friday sales of $1.7 billion were 10% higher than $1.5 billion in 2014.

“This is also the second straight year that Thanksgiving has established itself as one of the more important online buying days, while Black Friday continues to gain in importance online with each passing year,” said Gian Fulgoni, comScore chairman emeritus, in a press release.

Retail sales in stores were estimated by research firm ShopperTrak at $12.1 billion for both Thanksgiving and Black Friday. That is a decrease from the 2014 figure of $12.3 billion.

“This year, we saw Black Friday ads emerge before Halloween, as retailers aimed to get at the shopper’s wallet early,” said Kevin Kearns, ShopperTrak chief revenue officer, in a press release. “And from our data, we saw greater retail sales generated prior to the Black Friday weekend, which is a result of retailers successfully elongating the holiday season.

Digging deeper into consumer e-commerce shopping patterns over the long holiday weekend, mobile traffic accounted for 57.2% of all online traffic, a 15.2% increase from 2014, says IBM Corp.’s “Black Friday Report 2015.” Mobile sales accounted for 36.2% of all online sales.

Smart phones were the device of choice for many consumers, accounting for 44.7% of all online traffic, a significantly higher figure than the 12.5% for tablets.

With respect to actual online sales, 20.6% were made with smart phones, IBM says, compared with 15.5% for tablets.

As for Cyber Monday, IBM forecasts online sales will grow by more than 18% compared to 2014. ComScore said e-commerce spending on the 2014 Cyber Monday was $2 billion.

8 Frequently Asked Questions About EMV


The nationwide shift to EMV is well underway.

EMV — which stands for Europay, MasterCard and Visa — is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers are migrating to this new technology to protect consumers and reduce the costs of fraud.

“These new and improved cards are being deployed to improve payment security, making it more difficult for fraudsters to successfully counterfeit cards,” says Julie Conroy, research director for retail banking at Aite Group, a financial industry research company. “It’s an important step forward.”

For merchants and financial institutions, the switch to EMV means adding new in-store technology and internal processing systems, and complying with new liability rules. For consumers, it means activating new cards and learning new payment processes.

Most of all, it means greater protection against fraud.

Approximately 120 million Americans have already received an EMV chip card and that number is projected to reach nearly 600 million by the end of 2015, according to Smart Card Alliance estimates.

Want to know more about the transition and your new chip-equipped card? Here are eight frequently asked questions to help you understand the changes.

1. Why are EMV cards more secure than traditional cards?

It’s that small, metallic square you’ll see on new cards. That’s a computer chip, and it’s what sets apart the new generation of cards.

The magnetic stripes on traditional credit and debit cards store contain unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash.

“If someone copies a mag stripe, they can easily replicate that data over and over again because it doesn’t change,” says Dave Witts, president of U.S. payment systems for Creditcall, a payment gateway and EMV software developer.

Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again.

If a hacker stole the chip information from one specific point of sale, typical card duplication would never work “because the stolen transaction number created in that instance wouldn’t be usable again and the card would just get denied,” Witts says.

EMV technology will not prevent data breaches from occurring, but it will make it much harder for criminals to successfully profit from what they steal.

Experts hope it will help significantly reduce fraud in the U.S., which has doubled in the past seven years as criminals have shied away from countries that already have transitioned to EMV cards, Conroy says.

“The introduction of dynamic data is what makes EMV cards so effective at bringing down counterfeit card rates in other countries,” she says.

2. How do I use an EMV card to make a purchase?

Just like magnetic-stripe cards, EMV cards are processed for payment in two steps: card reading and transaction verification.

However, with EMV cards you no longer have to master a quick, fluid card swipe in the right direction. Chip cards are read in a different way.

“Instead of going to a register and swiping your card, you are going to do what is called ‘card dipping’ instead, which means inserting your card into a terminal slot and waiting for it to process,” Conroy says.

When an EMV card is dipped, data flows between the card chip and the issuing financial institution to verify the card’s legitimacy and create the unique transaction data. This process isn’t as quick as a magnetic-stripe swipe.

“It will take a tiny bit longer for that transmission of data to happen,” Witts says. “If a person just sticks the card in and pulls it out, the transaction will likely be denied. A little bit of patience will be involved.”

3. Is card dipping the only option?

Not necessarily. EMV cards can also support contactless card reading, also known as near field communication.

Instead of dipping or swiping, NFC-equipped cards are tapped against a terminal scanner that can pick up the card data from the embedded computer chip.

“Contactless transactions are more consumer-friendly because you just have to tap,” said Martin Ferenczi, president of Oberthur Technologies, the leading global EMV product and service provider. “Around the world, there is a move to make EMV cards dual-interface, which means contact and contactless. However, in the U.S., most financial instructions are issuing contact cards.”

Dual-interface cards and the equipment needed to scan them are expensive. Right now, the first step is to successfully integrate EMV cards into the U.S. shopping scene. Dual interface will arrive later, according to Ferenczi.

4. Will I still have to sign or enter a PIN for my card transaction?

Yes and no. You will have to do one of those verification methods, but it depends on the verification method tied to your EMV card, not if your card is debit or credit.

Chip-and-PIN cards operate just like the checking-account debit card you have been using for years.

Entering a PIN connects the payment terminal to the payment processor for real-time transaction verification and approval. However, many payment processors are not equipped with the technology needed to handle EMV chip-and-PIN credit transactions. So it is not likely you will have to memorize new PINs anytime soon, according to Conroy.

“There aren’t going to be many issuers requiring a PIN,” she says. “A vast majority will be issuing chip-and-signature cards, which aren’t all that different from how credit cards work now.”

As with a magnetic-stripe credit card, you sign on the point-of-sale terminal to take responsibility for the payment when making a chip-and-signature card transaction.

Once the transition to EMV is under way in the U.S., chip-and-PIN cards will be transitioned in. Again, it is one step at a time, according to Ferenczi.

“The card production demand today is really based on chip-and-signature cards,” he says. “It will probably take two to three years to fully convert to chip-and-PIN.”

Despite a slow transition overall, those who get chip-and-PIN cards will be able to use them right away.

“If a terminal doesn’t have the ability to accept a PIN, it will then step down to accepting a signature,” says Randy Vanderhoof, executive director of the Smart Card Alliance. “There will always be a secondary option.”

5. If fraud occurs after EMV cards are issued, who will be liable for the costs?

Today, if an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank, depending on the card’s terms and conditions.

After an Oct. 1, 2015, deadline created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction.

Consider the example of a financial institution that issues a chip card used at a merchant that has not changed its system to accept chip technology. This allows a counterfeit card to be successfully used.

“The cost of the fraud will fall back on the merchant,” Ferenczi says.

The major credit card issuers each have published detailed schedules about the upcoming shift in liability. The change is intended to help bring the entire payment industry on board with EMV by encouraging compliance to avoid liability costs.

Any parties not EMV-ready by October 2015 could face much higher costs in the event of a large data breach.

Automated fuel dispensers will have until 2017 to make the shift to EMV. Until then, they will follow existing fraud liability rulings.

6. So by Oct. 1, 2015, the transition to EMV technology will be complete? 

Not exactly.

Although the upcoming deadline is strong encouragement for all payment processing parties to become EMV-compliant as soon as possible, experts do not believe everyone will comply by that date.

“Don’t expect a big bang in October of 2015,” says Doug Johnson, vice president of risk management policy for the American Bankers Association. “In terms of rollout, we expect about 50 percent of banks and retailers to be completely transitioned over. It’s going to take a little time to adapt.”

Aite Group estimates that by the end of 2015, approximately 70 percent of credit cards and 40 percent of debit cards in the U.S. –1.1 billion cards total — will support EMV.

“We are the most fragmented and the largest market that has ever gone to the EMV standard,” Conroy says. “There’s going to be varied customer experiences over the first year, year-and-a-half of this transition.”

While many chip cards have already been issued, some people may have to wait longer than others before sent a new EMV card, according to Johnson.

“If consumers have cards that are expiring between now and October, those will likely be first in line to transition to chip cards,” he says. “Different companies will have different rollout strategies. Some will base their actions on card expiration dates; others will work to get chip cards into the consumer’s hands by the October liability deadline regardless,” says Johnson.

EMV debit cards may be issued to consumers at an even slower pace due as banks retailers have to prep their software to accept those cards as well, according to Ferenczi.

“Very few point-of-sale systems can accept debit EMV in the U.S. right now and the upgrade specs were issued only late last year,” he said. “But I can tell you that the cards have been produced, they just aren’t in consumer hands right now. I predict the debit delay will catch up by the deadline.”

7. If I want to use my chip-card at a retailer that doesn’t support EMV technology yet, will it work?

Yes. The first round of EMV cards — many of which are already in consumers’ hands — will be equipped with both chip and magnetic-stripe functions so consumer spending is not disrupted and merchants can adjust.

If you find yourself at a point-of-sale terminal and are not sure whether to dip or swipe your card, have no fear. The terminal will walk you through the process.

“For example, if you enter a card into the chip reader slot but the reader isn’t activated yet, it will come up with an error and you’ll be prompted to swipe the card in order to use it,” Vanderhoof says.

And vice-versa.

“If a consumer tries to swipe a chip card instead of inserting it, an error will appear and they will be prompted to insert the card for chip processing instead,” Vanderhoof says.

If chip-card readers are not in place at a merchant at all, your EMV card can be read with a swipe, just like a traditional magnetic-stripe card.

“You can still conduct transactions, you just lose that extra level of chip security,” Johnson says.

8. Will I be able to use my EMV card when I travel outside the country?

Yes and no.

The U.S. is the last major market still using the magnetic-stripe card system. Many European countries moved to EMV technology years ago to combat high fraud rates. That shift has left many U.S. consumers who have magnetic-stripe cards looking for other forms of payment when they travel.

Since many foreign merchants are wary of magnetic-stripe cards, consumers who hold some type of chip card may run into fewer issues than those without one, according to Ferenczni.

“Just the existence of the chip will likely make European merchants more willing to accept transactions that they wouldn’t have likely accepted if a customer presented a mag-stripe card,” he says.

However, chip-and-PIN cards are the norm in most other countries that support EMV technology. So consumers with chip-and-signature cards may still find merchants who are unwilling or unable to process their card, even though it does have an embedded chip.

Unmanned payment kiosks in Europe — such as bike rental stations, train ticket stations and parking permit dispensers — may give U.S. travelers the most difficulty since most are set up to strictly accept chip-and-PIN card only, according to Ferenczi.

But despite any difficulties in the transition, Ferenczi says the change is a step in the right direction.

“Nobody likes to think that his or her card is being secretly used for other purposes,” he says. “So I think regardless, there is a level of comfort knowing that it will be far more difficult to counterfeit EMV cards.”
Read more:

Is your Business PCI compliant?


PCI 3.1

The Payment Card Industry security standards council’s PCI 3.0 revision, revealed in January, adds requirements that take effect at the end of June, putting unprepared merchants at risk of fines if they suffer a breach.

The new rules require that merchants consistently monitor their network and communicate clearly with third-party security service providers about password management and system testing.

With five new requirements taking hold soon, merchants may feel as if they need a scorecard to keep track of the PCI standards changes and upgrades. The PCI council delivered a PCI 3.1 update in April to warn e-commerce merchants about a change in Web security from Secure Socket Layer to a newer version of Transport Layer Security.

Some merchants are not aware of the new 3.1 update, let alone that some 3.0 controls are about to take effect, said Don Brooks, senior security engineer for Trustwave.

Chicago-based Trustwave estimates that a merchant suffering a breach could face between $100,000 and $500,000 in fines from the card networks, additional expenses between $50,000 and $100,000 to reach compliance, a $50 re-issuance fee per compromised card, and $2 per customer for credit monitoring. In addition, a merchant that has suffered a breach can expect anywhere between 8% to 19% customer churn, Trustwave says.

Those types of numbers have more retailers making security a high priority, rather than arguing over whether the PCI rules should apply to them, said Richard Mader, retailer consultant and president of Bernville, Pa.-based Mader International Consulting.

“The initial shock of PCI compliance is kind of fading because retailers have spent so much money on it already,” Mader said. “Today, it is more along the lines of the retailers realizing they have to do this because they can’t afford to be hacked, from a sales or customer trust standpoint.”

Retailers now realize they have to do everything possible to avoid breaches because being non-compliant means much more than “just a slap on the wrist from the card brands,” Mader said.

Retailers still have legitimate complaints about some aspects of PCI, but “they look at Target sitting in court and realize the retailers are legally responsible and end up paying,” Mader added.

When the new requirements take hold, businesses must verify that they have addressed any broken authentication or session management tools to avoid unauthorized individuals from compromising legitimate account credentials, keys or session tokens.

Third-party service providers must acknowledge in writing to customers that they are responsible for cardholder data security, and those with remote access to a merchant network must use a unique authentication credential for each customer.

Businesses must implement network penetration testing methods based on industry-accepted approaches.

In addition, merchants must maintain a list of their point of sale devices and periodically inspect them for tampering.

Keeping a log of required internal checks is an important part of PCI compliance for merchants because it helps thwart breaches and provides forensic researchers vital “pieces of the puzzle” after a breach to help determine what happened, Brooks said.

Merchants should never simply assume that a security vendor has taken care of all of the necessary tasks for PCI compliance, Brooks said. It is best for a merchant to be aware of what the vendor is doing and when, while also realizing that security technology is likely not their own forte, Brooks added.

It is also vital that merchants communicate with service providers now to make sure they will comply with the new requirements.

“The service provider may not need to get his documents in for compliance until October, but the merchant needs his information in place at the end of June,” Brooks said. “There could be some collisions here in timing that would cause security gaps.”

Is your business ready for the updates coming at the end of this month? Give us a call at 602-955-6984 and make sure your business is PCI compliant!