Visa, MasterCard and Europay formed EMVCo in the 1993 to combat and reduce fraud internationally, but in the United States, the slow transition to this new standard is causing problems of its own.
To date, more than 1.62 billion payment cards have been upgraded to comply with the standards set by EMVCo. This accounts for nearly 45 percent of all cards globally – most of which are in use outside the United States.
As this figure continues to climb, domestic financial institutions (FIs), merchants and consumers face an increasing threat of fraud, which is increasingly likely to occur in nations where the financial infrastructure has fewer safeguards in place. With the U.S. EMV liability shift four years away, what does the road to compliance look like, and what steps do acquirers, issuers and merchants need to take to prepare?
This is the subject of a new white paper released by global management consulting firm Accenture. Entitled “Payments Transformation – EMV comes to the US,” the release outlines four key decisions facing those in the payments ecosystem.
In this PYMNTS.com Data Point, we’ll take a closer look at two of the four decisions Accenture highlights in its research.
Offline Or Online Authentication?
According to Accenture, FIs first need to determine how they will verify the authenticity of EMV cards. This process can occur online or offline. Either way, authentication validates the EMV card before a payment occurs while providing additional safeguards against fraud.
Offline authentication – The card is verified by the merchant’s POS terminal, which reads information and certificates embedded in card’s chip. With this option, the terminals manage the payments brands they will accept.
Online authentication – The card is approved by the issuer using cryptographic certificates created by a card or mobile phone. This removes the need for important information to be housed on the physical card
How To Verify The Cardholder?
In an EMV system, cardholders verify their identity through three Cardholder Verification Methods (CVMs). These are a PIN, a signature or no CVM. The second decision facing FIs is selecting one of these options. Factors that could influence this decision include the level of fraud reduction desired by the issuer and customer attitude toward PINs.
Chip & PIN – Since much of Europe has elected to use PIN technology over concerns of the use of signatures, EMV cards are sometimes known as “chip-and-PIN cards” overseas. Read by dipping the card into a POS, the chip-and-PIN is more secure, but alters the traditional customer experience.
Chip & Sign – The chip & sign method may lead to a smoother adoption of EMV cards in the United States because this process is similar to the one used currently with magnetic-stripe cards. However, these transactions are less secure, and may make consumers vulnerable to fraud and theft: one of the main issues the EMV transition could help the United States solve.
No CVM – In this choice, neither a signature nor PIN is used to verify transactions. By making this choice, issuers would need a merchant POS structure to support this feature. No CVM is best suited for low value transactions, such as unattended terminals ie mass transit, as an example.
For more insights from Accenture, read the full white paper here.