The roll out of the EMV (Europay, MasterCard and Visa), or chip cards, last fall, was expected to bring a new level of data security to American consumers and retailers, but depending upon whose talking the cards have either been a boon or a bust.
On the retail side the National Retail Federation (NRF) is not happy with chip card implementation with an NRF spokesman saying credit card providers are not certifying point-of-sale (POS) equipment fast enough. However, MasterCard called the progress made so far “tremendous” and continuing to grow.
“It is not going as smoothly as retailers would like. Retailers spent millions of dollars installing equipment and training staff, but the card industry did not provide certification personnel, said J. Craig Shearman, the NRF's vice president, government affairs, to SCMagazine.com. Shearman did not have an exact number of how many POS terminals were installed, but not yet accepting chip cards.
On October 1 all retailers in the United States were supposed to be prepared to accept EMV cards as a form of payment. Going forward liability for any breach that takes place will be shifted to the group that is less EMV-compliant in a fraudulent transaction, a MasterCard spokeswoman, told SCMagazine.com last fall.
Beth Kitchener, Mastercard's business leader, U.S. markets, said in an email to SCMagazine.com that all a merchant needs to do to activate their terminal was “contact their acquirer or payment services provider or terminal manufacturer to find out how to do so.” About 676,000 retail locations in the U.S. have chip-enabled terminals, with 611,000 being small or local businesses, Kitchener reported, with 63 percent of consumers' credit and debit cards contained EMV chips by the end of 2015, expanding to 98 percent by the end of 2017.
The credit card company said EMV card ownership and awareness has risen over the last year with 54 percent of consumers reporting that they own at least one such card and 30 percent of those being more likely to use their chip card than one with just a magnetic stripe.
Shearman also called on banks and credit card companies to upgrade U.S. EMV cards to chip and PIN. Currently, Americans only need insert their card and sign, which Shearman said is not as effective as having a PIN, which is the standard in Europe and with debit cards worldwide.
The one issue both sides agreed upon was that EMV cards alone will not solve, or even put a dent in, cybercrime.
Shearman likened the battle against hackers to a “constant high stakes game of leapfrog” where one side builds a fence 10-feet high and the other side then brings in a 12-foot ladder.
“I think in the big picture [the cards] will help keep data more secure, but it's hard to quantify,” Shearman said. “Cards don't stop hackers, but they do make it harder for them [criminals] to do something with the chip card.”
Kitchener credited with the cards having saved hundreds of millions of dollars in the 80-plus countries where the cards are now used by helping reduce counterfeit card fraud, however, she noted that “There are no silver bullets to prevent fraud.”
There has also been some positive traction made on the public policy front with Shearman cheering changes included in the latest federal budget that created a program that allows businesses to more easily shares cyber issues with the government. He did call for the government to take this a step further by creating a federal data breach standard. This would eliminate the need for larger businesses to deal with each state's data breach policy, he said.