Chip & Choice: The US EMV Story So Far
The EMV liability shift has been in effect in the United States for just over a month since its deadline of 1st October. This shift saw the country make a more concerted move towards the same in-store payment authentication method we are familiar with in Europe, and most of the world.
One trend is already clear, every player – except those with a vested interest – was wishing for something else, as is evidenced by its far from impressive adoption.
A recent survey predicts that it will be 2017 before 90% or more retailers are EMV compliant. Card issuers are faring slightly better, but even by Christmas 2015 as many as 30% of payment cards still won’t be EMV capable.
Yet, despite its slow progress, and regardless of far better alternatives, the momentum towards full EMV compliance in the US is inevitable. Unfortunately, despite its enormous benefit, the PIN is not mandatory, and the so-called Chip & Choice will be most prevalent. This includes signature.
This topic also occupied a central position in discussions at the worldwide payments event, Money2020, where keynote speakers and the media were keen to discuss the perceived barriers, consumer sentiment, and the ‘real’ reasons the US went in favour of the choice over PIN. Hot topics were the fragmentation in the US acquirer market and the (perhaps ridiculous) concern over consumer ‘confusion’ if asked to enter a PIN for payment.
Brands such as Target and key institutions in the US are already favouring the implementation of PIN. With this momentum a growing awareness of the power of PIN to enable secure transactions with 2-factor authentication is also growing in the States.
Nonetheless, as we have discussed before, as card present transactions become more secure, the risk that criminals will turn their attention to other avenues of attack (like card-not-present fraud) increases.
In the UK, for example, when EMV protocols (i.e. Chip and PIN) were introduced over 10 years ago, there was a welcomed decrease in counterfeit and stolen card fraud, quickly followed by a correlating increase in card-not-present fraud. However, without PIN, it is unlikely that card present fraud will see such a significant decline in the US, and without better authentication options than 3DS it is also likely that card-not-present fraud will continue to rise off it’s own accord.
The challenge for digital business in the US will be to keep transactions secure without impacting the customer experience. Security is critical in transactions, but excessive and clunky security is a sure way to drive away customers frustrated at the length of time it takes them to complete the purchase.
Undoubtedly, US consumers will follow global trends and become accustomed to the use of PIN as a way to authenticate in-store, but the technology exists now to allow them to use the exact same technology online.
A recent survey by Accenture into mobile payments in the US looked at Americans’ perception towards this EMV compliant ‘disruptive’ payment method and concluded that, as with any new payment method, uptake is always gradual, but in only a couple of years we will see a complete change in the payments ecosystem. With 52% of the population aware of mobile payments, its growing acceptance is only a matter of time.
“Users are interested in assurances that fraud would be covered, being contacted when there is suspicious activity on an account, and receiving immediate notification when a payment has been initiated and executed among other services.”
The power of the PIN will become increasingly obvious in the implementation of effective multi-factor authentication.