[Dave Birch] Card fraud in Europe remains a problem. Or, more accurately, card fraud on European cards in the USA remains a problem. As I mentioned yesterday, I have absolutely no idea why Barclays puts a magnetic stripe on my debit card and I go to the US all the time. I am perfectly happy to use my US Dollar prepaid card to get money from ATMs in the US when I need to and since I can top it up online it’s really not a problem. It might be better all round if Barclays were to give me the choice of simply blocking all CNP and stripe transactions on my debit card. This is the Belgian way.

In the meantime, the report backs ‘geoblocking’ – deactivating the mag-stripe and making cards chip-only. Having become the first country to introduce this, Belgium has seen skimming losses fall to nearly zero, says Europol. The organisation admits though that geoblocking has its drawbacks, with users required to get their cards activated every time they visit a non-EMV compliant country.

[From Finextra: EU card fraud nets organised crime EUR1.5bn a year – Europol]

This is a reasonable interim solution — to simply reject all stripe transactions from cards with a chip (at the customer’s request) — although, as the Europol report notes, the real solution is for the US to go chip. (They are wrong about this, as the “something present” transaction would be another, and potentially better, way to solve the problem too, but more on this later.) Yes, I know the US is going to adopt EMV (after a fashion), the international standard for chip payment cards, but there are some early indications that the US EMV migration may not be as straightforward as the industry might hope. Forum friend Nick Collin, who knows a thing or two about EMV, noted this back in February last year. Writing in Banking Automation Bulletin (issue 297) he said that:

The US currently has no central co-ordinating body for the EMV migration. With no sign that the Fed will adopt this role, it falls to the card schemes to lead the industry.

I thought at the time that this was a good point, and I just assumed that the Feds or someone would set up a co-ordinating body, although this doesn’t yet seem to have happened. And this is only one of the differences between EMV migration in, for example, the UK and the USA. Another is the basic business case. In the UK, and most other countries, it was all about fraud. But in the US, where fraud is considered to be manageable because of the online authorisation infrastructure, it seems to be more about PCI. The cost of PCI has turned out to be astronomical, and the merchants who pay the bill are not happy with it. Visa and MasterCard will be incentivising merchants to follow the “liability shift” stick with the carrot of reduced PCI costs and Amex, too, have hit on the cost of compliance as a pressure point with merchants.

American Express plans to institute a Fraud Liability Shift policy to handle liability in case of a fraudulent transaction through EMV technology. The company will also exempt merchants who use its EMV chip-based processors from PCI Data Security Standard reporting requirements, in order to improve acceptability of its cards.

[From American Express Charges For $60 With New EMV Technology – Forbes]

The lack of a co-ordinating body, that could also serve as a media clearing house for news and information about EMV is, I think, going to be a problem in other respects as well since I’ve already read US magazine articles that contain utterly incorrect statements about EMV. To my mind, there is a tremendous need for top-to-bottom education about EMV. The Smart Card Alliance are doing their best with the EMV Migration Forum (EMF) — and Consult Hyperion are have been members of the forum since it began — but this is in a voluntary, information-only context and there is a limit to what it can do.

Looking at the current landscape, then, there are reasonable grounds for concern about the speed and effectiveness of EMV migration in the US. Meanwhile, the people who are going to have to pay for the transition to chip, merchants, don’t seem especially thrilled about it, even though there are some high profile supporters (e.g., Walmart) and while the schemes are instituting liability shifts, the majority of banks have yet to develop any plans for migration. The retailers would argue that the carrots and sticks are misaligned.

There is currently little incentive for banks to change the system, and potentially even less if the fraud adjustment rule fails to also recognize the $1.4 billion in fraud from a substandard system that rewards the banks and punishes the retailer.

[From Where s Banks Incentive to Cut Card Fraud? – Bank Think Article – American Banker]

It is not clear at all what the long term retailer position on this is although I don’t think I’m going out on a limb by predicting that any further wrinkles in the EMV rollout may see the window for opportunity slam shut as far as they are concerned. The retailers might decide to forget about the whole thing and shift to alternatives. I’ll blog some more on this tomorrow, but just as a pointer I suspect that they will want harmonisation between “online” and “offline” solutions.

Some years ago, I worked on a project looking at long-term trends in retail payments for one of the UK retail banks. At the centre of our analysis was the merging of online and offline payment systems and we talked about seeing the Card Present (CP) and Card Not Present (CNP) fade away as they were both replaced by the Something Present (SP) transaction. I think we are now seeing the market ask for the SP transaction, where anything that the retailer has confidence in can serve as the token to identify the source of funds and a PIN can serve to authenticate the customer.

A customer carrying a phone (Starbucks), or the retailer’s loyalty card (Safeway Fast Forward), or a contactless key fob (SpeedPass) or a finger (Auchan) already has everything they need to make a payment. So why would they want a plastic card, whether it has a chip on it or not? It is up to the issuers to make EMV cards something that the retailers want to accept, not try and make them something that they have to accept. They don’t.

These are personal opinions and should not be misunderstood as representing the opinions of 
Consult Hyperion or any of its clients or suppliers

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: