New Visa program could grow momentum for chip-and-PIN

Share this article:

A new Visa program that will exempt some European merchants from having to adhere to payment card security standards may spur the adoption of chip-and-PIN technology in the United States, according to a security analyst.

The program, announced Wednesday, eliminates the requirement for non-U.S. merchants to annually validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) if at least 75 percent of their Visa transactions originate from chip-enabled terminals.

The merchant would still be obligated to prove PCI compliance in relation to other transactions, such as MasterCard.

"I predicted this," Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com this week. "As payment card technology gets more secure, then there's less of a need to secure the merchant sites. It's redundant. Just secure the payment systems."

To qualify, retailers must outfit their locations with terminals that accept "contact or dual contact and contactless" chips, according to Visa.

EMV, more commonly referred to as chip-and-PIN, is a payment technology largely used in the U.K. It involves recognizing unique microchips embedded in credit and debit cards to validate that they are legitimate, and it has been credited with the declining fraud rates overseas.

Some firms in the United States, including mighty Walmart, are exploring the benefits of the technology, which has been held up here largely because of costs and incentive.

But the new Visa program may encourage more U.S. merchants to swap out their existing card readers if that means they too would be able to avoid the cost of PCI compliance.

"This may push the U.S. into it," Litan said. "Now it's a business case for merchants to start taking chip cards. It's a good incentive."

In October, the PCI Security Security Standards Council, tasked with managing the PCI DSS, released a guidance document for those organizations considering migrating their terminals to EMV.

Of course, for EMV to become a reality in the United States, banks must be willing to issue new cards containing chips. Yet, according to Visa, new debit card regulations that would cap the amount that card issuers can charge merchants when cards are swiped may curtail' banks interest  – even though financial institutions, not merchants, are typically the ones that must reimburse consumers for incidents of fraud.

A recent study from the Boston Consulting Group estimated that card issuers could be on the hook for $25 billion in annual costs due to these stricter regulations, known as the Durbin Amendment because it is principally sponsored by Democratic Sen. Richard Durbin of Illinois.

“With such a dramatic potential for revenue loss, financial institutions will likely curtail investments in future innovations," said Bill Sheedy, Visa's group executive for the Americas.

Doug Johson, vice president of risk management policy the American Bankers Association (ABA), an industry trade group, agreed with Sheedy's assessment.

"It demonstrates once again the folly and unintended consequences to mandate price controls within any environment," Johnson told SCMagazineUS.com on Thursday.

That is not to say, though, that the ABA is opposed to EMV, said Johnson, adding that the association supports the development of security technology and is closely monitoring retail adoption of chip-enabled terminals.

"It's not under our control to force," said Johnson, who predicted that market forces may "leapfrog" EMV altogether and embrace some other technology, such as a cell phone payment system.

Johnson said that while banks would stand to save on some fraud-related reimbursements if EMV were to gain steam, illegal activity would still persist.

"All we're doing is moving the fraud to somewhere where EMV is not in place, and we still take the loss," he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.