New Visa program could grow momentum for chip-and-PIN

A new Visa program that will exempt some European merchants from having to adhere to payment card security standards may spur the adoption of chip-and-PIN technology in the United States, according to a security analyst.

The program, announced Wednesday, eliminates the requirement for non-U.S. merchants to annually validate their compliance with the Payment Card Industry Data Security Standard (PCI DSS) if at least 75 percent of their Visa transactions originate from chip-enabled terminals.

The merchant would still be obligated to prove PCI compliance in relation to other transactions, such as MasterCard.

"I predicted this," Avivah Litan, vice president and distinguished analyst at Gartner, told SCMagazineUS.com this week. "As payment card technology gets more secure, then there's less of a need to secure the merchant sites. It's redundant. Just secure the payment systems."

To qualify, retailers must outfit their locations with terminals that accept "contact or dual contact and contactless" chips, according to Visa.

EMV, more commonly referred to as chip-and-PIN, is a payment technology largely used in the U.K. It involves recognizing unique microchips embedded in credit and debit cards to validate that they are legitimate, and it has been credited with the declining fraud rates overseas.

Some firms in the United States, including mighty Walmart, are exploring the benefits of the technology, which has been held up here largely because of costs and incentive.

But the new Visa program may encourage more U.S. merchants to swap out their existing card readers if that means they too would be able to avoid the cost of PCI compliance.

"This may push the U.S. into it," Litan said. "Now it's a business case for merchants to start taking chip cards. It's a good incentive."

In October, the PCI Security Standards Council, tasked with managing the PCI DSS, released a guidance document for those organizations considering migrating their terminals to EMV.

Of course, for EMV to become a reality in the United States, banks must be willing to issue new cards containing chips. Yet, according to Visa, new debit card regulations that would cap the amount that card issuers can charge merchants when cards are swiped may curtail banks' interest – even though financial institutions, not merchants, are typically the ones that must reimburse consumers for incidents of fraud.

A recent study from the Boston Consulting Group estimated that card issuers could be on the hook for $25 billion in annual costs due to these stricter regulations, known as the Durbin Amendment because it is principally sponsored by Democratic Sen. Richard Durbin of Illinois.

"With such a dramatic potential for revenue loss, financial institutions will likely curtail investments in future innovations," said Bill Sheedy, Visa's group executive for the Americas.

Doug Johnson, vice president of risk management policy at the American Bankers Association (ABA), an industry trade group, agreed with Sheedy's assessment.

"It demonstrates once again the folly and unintended consequences to mandate price controls within any environment," Johnson told SCMagazineUS.com on Thursday.

That is not to say, though, that the ABA is opposed to EMV, said Johnson, adding that the association supports the development of security technology and is closely monitoring retail adoption of chip-enabled terminals.

"It's not under our control to force," said Johnson, who predicted that market forces may "leapfrog" EMV altogether and embrace some other technology, such as a cell phone payment system.

Johnson said that while banks would stand to save on some fraud-related reimbursements if EMV were to gain steam, illegal activity would still persist.

"All we're doing is moving the fraud to somewhere where EMV is not in place, and we still take the loss," he said.
