A quick look at EMV in the US
Is EMV “ready-to-go” in the US?
There are stories about pilot projects being put in place in major banks. But today, there are only a few EMV pilot programs have been launched in a country that has more than 15,000 banks, credit unions, and financial services firms.
As far as the US goes, liability shifts in the industry and fraud increase due to other countries migration processes are not the catalysts needed to encourage financial institutions in the US to, at least, comply with the EMV requirements by the deadlines set by Visa and MasterCard.
The breach of debit cards at Target stories during last Holiday season just might be that moment that propels EMV towards widespread adoption in the US. That breach cost Target upwards of $61 million according to published reports. But banks and financial institutions will still have to change their past behavior before EMV technology gains a stronger foothold in the US.
For example, last April , there was a major deadline affecting ATM operators. Just a few days before, the ATMIA (ATM Industry Association) made public the results of an industry survey showing an astonishing 88 percent of ATMs were still not ready for EMV! And even worse, , there were no many plans to comply with EMV in the short term.
Since the announcement of this major deadline being ignored, many finance and security professionals working in the finance industry were shocked. There is no clear definition of the architectures that need to be deployed by acquirers (not to mention Durbin routing requirements) that might compell ATM operators to carry out new and costly upgrades in a near future. And there appears to be no consequences for failing to meet the deadline.
Then the question is, does the industry really care about liability shifts as much as we could think?
Numerous studies about card fraud in the US showed an increase in debit/credit card fraud, but apparently not enough to justify the investment required adapting their infrastructures. However we should not forget that magnetic stripe specialized fraudsters from all around the world are looking at the US right now even as the industry recovers from the Target breach. We can be sure we’ll see an increasing number of credit/debit cards reported fraud cases in the next months, and, maybe only then, the figures will start showing a real need for EMV.
To be completely honest, this is neither new nor surprising to us. It’s not a new story. Almost every country that has accomplished, or at least initiated the migration to chip technologies, has gone through the same fears and mistakes. But in this case, against all the market signs, there are many reasons to stay optimistic. Obviously there are some particularities in the US payment-cards market that will be technically challenging (I will cover those in coming posts), but in general, EMV is considered a mature technology (over 140 countries have already deployed it). As well as the experience accrued by professionals and companies involved in the migration process will dramatically ease the transition from magnetic stripe to chip technologies and reduce the required investment.
Last but not least, it’s very important to keep in mind that, at this very moment, EMV projects are still not a priority at a corporate level at most banks, and these migration projects will only gain visibility and priority when the top management will realize the importance and the benefits of EMV. The Target breach did EMV technology a favor.