(November 1, 2014) -- We all know about the increasing amount of card fraud occurring in the United States. Home Depot, Target, Neiman Marcus, Kmart, Staples, popular Asian-style restaurant P.F. Chang’s and Goodwill Industries are only a few of the most recent card breaches consumers have seen in the past year.
In response to this sweeping epidemic, major retailers are beginning to back MasterCard, Visa and EMVco in their push to implement EMV chip-card technology. President Obama is also calling for EMV; mandating recently that all Federal payments be chip and PIN capable by 2015.
Historically, card skimming has been a much larger problem in areas outside the US. However, as the majority of the world implements EMV, fraud is migrating to areas that are behind on the technology. As the largest market holdout, the US. has become a haven for card fraud.
EMV migration is expected to reduce fraud occurrences due to the difficulty of copying the microprocessor chip embedded in the cards. The technology has been so effective that EMVco reports a 25 percent drop in skimming in Australia, 36 percent reduction in European fraud, 69 percent decline in fraud in the UK, 80 percent fraud decline in Brazil and 84 percent counterfeit decline in Malaysia.
An Aite Group report, “Card Fraud in the United States: The Case for Encryption” estimates US card fraud at $8.6 billion per year. However, that figure is expected to jump to around $10 billion by 2015, according to The Nilson Report. For many financial institutions, these numbers are worrisome in the face of stiff competition and reduced revenues in the wake of the Durbin amendment.
DRAWING A LINE IN THE SAND
While the benefits of EMV have been demonstrated around the world, the US has been reluctant to implement the technology. The costs of new cards — around four times more expensive — coupled with the logistics and expenditures required to update ATMs and POS systems has financial institutions, ATM deployers and retailers balking.
However, those same naysayers could be blowing their tops starting October of next year when they will begin paying for fraud costs themselves. In order to push the US into finally adopting EMV technology, the major card networks determined that an incentive may be in order. Visa and MasterCard led the charge by announcing a fraud liability shift that would put the costs of counterfeit fraud activity squarely on the shoulders of retailers, ATM providers and financial institutions…unless they are EMV compliant. If fraud occurs, the component of the transaction that was not EMV ready is held fiscally responsible.
HOW FINANCIAL INSTITUTIONS SHOULD BE PREPARING
Smaller financial institutions such as community banks and credit unions could potentially be some of the hardest hit by the liability shift. They must weigh the potential costs of absorbing fraud liability or updating to EMV. However, as EMV becomes the standard in the US, as it is throughout the rest of the world, banks and credit unions that have not upgraded may face other technology issues such as the inability to provide customers with contactless transactions.
Preparation for EMV is beginning at a rapid pace and financial institutions should be preparing their strategy, if not already implementing it.
- ISSUING NEW EMV CAPABLE CARDS
The first step to EMV preparation is to issue new debit and credit cards that are EMV capable. Aite predicts that, by the end of 2015, 70 percent of US credit cards and 41 percent of debit cards will be EMV capable with the largest banks like Bank of America, Chase and Citi leading the way. These numbers indicate that a large portion of community banks and credit unions may be vulnerable to fraud liability as MasterCard’s card liability shifts in October 2015.
In order to avoid this possibility, institutions should be pricing and evaluating EMV chip card vendors now. Selecting a vendor and placing an order as soon as possible will be essential to avoiding the last minute rush and potential danger of backordered cards.
Because EMV capable cards are around four times more expensive — $2-4 each vs. around $.15 for a traditional mag stripe card, according to a study by First Data — experts are suggesting banks and credit unions begin by issuing cards for customers/members that travel internationally, new card accounts and existing active cards that expire. But what about dormant or inactive cards? Banks and credit unions will need to weigh the risk of these cards becoming active and possibly incurring fraud costs versus the expense of issuing new cards that may not be used.
- UPGRADING OR REPLACING ATMs
The ATM liability shift is, thankfully, one year later – in October 2016. However, that date could lull card issuers into a false sense of security. ATMs are, possibly, the most intensive portion of EMV implementation for financial institutions. While newer ATMs may already be equipped with EMV-capable card readers, all ATMs will need new software that is still in the process of being developed and approved by the card networks. Many ATMs will need to be upgraded or replaced completely in order to meet EMV requirements.
Institutions should stay up to date on developments with payment processors as they become EMV certified. Since more data is sent during an EMV transaction than a magnetic stripe transaction, banks and credit unions should work closely with processors to make certain the transaction information is accommodated.
Be aware of the trials and pitfalls encountered in Canada and other markets. Try to avoid the issues that you can control by preparing for similar problems, e.g. payment brands launching new products and supply shortages.
- EDUCATING ACCOUNTHOLDERS
Consumers and clerks are going to be frustrated by the change. EMV payment card behavior is vastly different from what they are currently using. Rather than swipe cards at ATMs and POS terminals, an EMV transactions requires chip contact throughout the transactions. Consumers will need to be taught to insert their card and leave it in until the transaction is completed.
The more educated your cardholders are on EMV technology, the more likely they will be to not have problems with the switch. Consumer awareness can also reduce card reader failures, damage to cards and other costly issues caused by EMV card misuse.
HOW OUTSOURCE ATM CAN HELP
EMV seems to be just another note in a list of current and past ATM upgrade requirements including ADA, PCI and DSS. With the potential of contactless and cardless technologies, as well as the Federal Reserve’s announcement that it will begin issuing more tactilely designed currency, the list of ATM upgrades often seems unending.
Financial institutions looking to avoid these costly and recurring expenditures may want to consider ATM outsourcing options – handing over the upgrade costs and responsibility to a trusted vendor and, potentially, saving time and money on maintenance and management of their fleet. Like many outsourcing programs, Outsource ATM takes on the responsibility for your ATMs but also purchases them —freeing up your capital to develop new products and services.
It’s unavoidable; EMV technology is headed to the US. Being prepared is the just the first step in reducing fraud liability and upgrade costs.