Ready or not, EMV is coming and U.S. card issuers need to get ready. Today, about 90 countries with an estimated 1.6 billion cards have already converted to EMV-compliant chip technology from the older magnetic stripe and another 40-some countries have migrations under way. And the U.S., the largest payments market in the world, will soon join them.
Security concerns are prompting the switch. In every case where a country has converted to EMV, both point-of-sale and (POS) and ATM fraud losses have declined significantly, although the technology’s protection against card-present fraud is stronger than for card-not-present transactions (e.g., Internet purchases). The U.S. resisted the trend for many years because the cost to convert U.S. cards to EMV is high (an estimated $10 billion plus) and U.S. banks already enjoyed strong fraud protection, thanks to their investments in online authorization of almost every transaction, real-time fraud detection systems and sophisticated analytics to detect anomalies and block suspicious transactions.
But fraud is rising on U.S. payment cards, as more countries have migrated to EMV and criminals have shifted their focus to the shrinking pool of magnetic strip holdouts. For that reason, as well as issuer mandates – Visa, MasterCard, Discover and American Express have all established timetables for a multi-year implementation of EMV – U.S. banks are now moving forward with EMV migration.
The transition won’t be easy but fortunately, U.S. issuers can learn the following lessons derived from the experience of banks in other countries:
Compliance is not a strategy. If you view EMV primarily as a compliance challenge, you would not be unusual; the same was true of many banks in other countries. But like them, you will regret lost opportunities. True, some EMV ramifications will be the same for all banks, but many will depend on your role in the payments business, your customers’ needs and your existing payments infrastructure. Overlooking these business considerations, while treating EMV as a compliance matter, will sub-optimize even the most diligent compliance effort.
Treat EMV as you would a new business. Don’t be tempted to take short cuts on building your EMV business case or to model it on a “generic” version. Every business case we have been asked to review has severely underestimated the bank’s true fraud costs, current and projected, and its EMV business implications. You are in new territory, with a changing landscape and new players. That means old assumptions are likely to be flawed, the information you need might be missing or inaccurate and you might not be asking all the right questions. The result can be costly mistakes, missed opportunities and ultimately poor decisions regarding implementation strategy, timing and approach.
Don’t default your implementation to the networks and processors. We have seen many banks let payments networks and their processors take the lead in determining how and when the bank should implement EMV. Payment networks, outside parties and external vendors naturally tend to promote their own priorities and objectives, which are not necessarily in the bank’s best interest or aligned with the bank’s strategies. This is especially a major concern for banks that do not have sufficient clout with the networks and processors to set priorities and provide input to tailor EMV solutions and implementation according to their needs. This problem is compounded by the U.S.’s lack of a central governing agency or industry group to oversees EMV implementation and balance the needs of all stakeholders, as has been the case in most other countries.
Implementation will be complex – count on it! – but avoid the extremes. Banks in other countries will attest to having regularly underestimated the complexity and cost of EMV implementation. Whether a bank is a credit and debit card issuer and/or acquirer, processing in-house or outsourced, there are a myriad of operational and technical implications to interface and support EMV across multiple channels and products and internal and external processes.
We’ve noticed that banks tend to either of two extremes: overbuild with massive and costly multi-year projects with undefined payback or leave it up to their vendors. As vendors scramble to meet mandated EMV migration deadlines, it is not surprising if they take an expedient approach that supports the majority of their clients. You want neither of these extremes and need to define IT architecture and operational workflows that are right for your bank.
Stay attuned to value-added applications. Even though issuers are looking beyond the security and fraud prevention benefits of EMV, 90% of chip cards still support only the original application (i.e., cardholder account identification and authentication). Given the computing power contained in the chip and the broad range of capabilities enabled by EMV, that’s like owning a Maserati and only driving it in Manhattan’s rush hour. U.S. banks are well positioned as late adopters to take advantage of EMV to redefine the payments experience for consumers and create potential revenue opportunities.
It’s not just cards, it’s the payments system of the future. A common misconception is that EMV applies to cards only. This is understandable since the main focus and most of the cost of EMV migration for the U.S. deals with replacing magnetic stripe debit and credit cards with chip cards. Financial institutions and payments companies must not only issue new cards, but upgrade their ATMs and related infrastructure. Meanwhile, merchants must install new POS terminals as acquirers and processors modify their systems and operational procedures.
However, the implications of EMV are perhaps even more far-reaching for mobile and contactless payments. Both contactless cards and mobile phones have multi-application integrated chips that perform the same functions during a payment transaction as a chip embedded in an actual card. Mobile payment systems are expected to have a significant impact reshaping the U.S. payments landscape. According to Juniper Research, the market for mobile payment transactions will grow exponentially over the next several years to reach $650 to $700 billion by 2015. Most of this growth will be driven by near field communication (NFC) contactless applications, allowing digital purchases within physical stores through a variety of devices.
EMV is continually evolving and its versatility now extends to include contact, contactless, mobile and online transactions. As such, EMV provides issuers, acquirers, merchants and, most importantly, consumers with a functional and secure architecture and a technical, operational infrastructure that works consistently across multiple channels and form factors. Don’t overlook these considerations as you implement EMV technology.
Mr. Riedl is senior managing partner of Atlanta-based Bank Solutions Group, LLC. He can be reached at Les.Riedl@banksg.com.
Stay connected to Expert Perspectives, Research and Intelligence — subscribe to BAI Banking Strategies now!