A recent MasterCard survey says that 57 percent of American consumers are now expecting to receive their EMV chip cards in the mail within 6 months, especially after hearing news of recent data breaches. In a podcast interview with MPD CEO Karen Webster, MasterCard’s VP of Electronic Payments Oliver Manahan elaborated on this surge in consumer demand chip cards, how MasterCard propelling the anti-fraud methods as a whole, and why the change in consumer experience with EMV cards is expected to boost the transition to contactless payments.
KW: The results of one of MasterCard’s surveys showed that 57 percent of MasterCard’s cardholders said that they would be interested in receiving chip cards in 6 months or sooner. Why do you think consumers are anxious, and do you think they really understand what EMV technology will do for them?
OM: I think that, intuitively, American consumers understand that a chip card is more secure than a magnetic strip card. They may not understand the cryptography behind it, but I think they are reading enough articles in the papers these days, whether its data breach or privacy related, showing that other markets have implemented this technology. As a byproduct they understand its more secure, and logically, they want it.
KW: Another survey recently suggested that consumers hold merchants responsible for the breaches we’ve been reading about. Interestingly, however, they expect their issuer to protect them in the event that their data is compromised. Do you think that’s one of the reasons why issuers are anxious to move the ecosystem in the direction of EMV cards?
OM: It’s a very interesting perspective from the merchant and issuer side in that I think there’s a share of responsibility in protecting the payments system at large. There’s a perspective nowthat EMV cards are becoming ready and that they can get into cardholders hands, but in reality, roadmaps have existed for over two years to be ready for this day. A lot of planning has gone into it and the timing has been quite good – all of the planning required, and all that needed to be ready are now ready. Card issuers can now start at the same time that cardholders are interested in ensuring that they get the most secure form of payment, and merchants are upgrading as well.
KW: Are you hearing from issuers that they are willing to change their re-issue cycle to accommodate getting chip cards in the hands of consumers earlier then planned?
OM: I think it will depend. We already know that in some instances, for a frequent traveler who went to Europe often and perhaps had challenges there, they probably went off-cycle already. Then I think it will be a demand question – if they get a high-value consumer that calls up and wants the card now, there’s a good chance the issuer will say yes. But otherwise, if there isn’t a huge inbound volume of calls, the issuer will probably prefer to stay on their expiration cycle to reduce complexity for them going forward.
We’ve seen in other markets that cardholders also tend to wait until their card expires, assuming the new card they get will have the chip, and the market then flows in the normal cycle.
KW: Are you hearing from issuers that they are issuing debit and credit EMV cards, or are they focusing more on one versus the other?
OM: It’s both in general, but in the past year and a half or so, for the travel portfolio or corporate card, the focus has really been on credit cards. But at this point in time, it appears that both credit and debit will be going out in the coming months, at least for the big issuers.
KW: Let’s flip the conversation a bit to the merchant side, and what MasterCard is doing on the network side to help them look at the broad perspective of keeping cardholder data safe. EMV protects consequences of the breach but there are other things that merchants need to be doing to fully protect data. What are you guys doing to help that along?
OM: It’s an ongoing battle – as the criminal element stays active, we have to stay equally as active. You are absolutely correct– EMV is not a silver bullet, cure-all for everything. It devalues data and makes counterfeiting extremely difficult. But you’ve probably seen that recent tokenization specifications can be globally adopted, so that tokenization also devalues data. And encryption goes along with that too – point-to-point encryption also makes it difficult for criminals to access data. At the same time, fraudsters look for any sort of weakness, so we still need to make sure that we’ve got the network-type sophistication – risk-scoring systems within our networks as well as at the issuers’ host systems to look for out of band payment patterns.
KW: That’s always tricky, because you want to mitigate bad things from happening without compromising the consumer experience at checkout.
OM: Absolutely. There’s always a balance. We have seen in EMV markets that approval rates go up. As a shopper, if I go to Europe now and have my chip card, and a transaction comes through that authenticates that card as being the valid issued card from the issuer, they are very apt to approve it, assuming I am not across the world a minute later trying to complete another transaction.
KW: I’ve heard a lot of people say that American consumers will be surprised at how different the experience with an EMV card really is. I’m sure you’ve acknowledged that it will be a different experience, but what are issuers and you as the network to help merchants mitigate the downside of this different experience?
OM: It was similar to what we’ve done in other markets. It was the same for them where in the past, it was swipe your card and follow the prompts, asking for a PIN or a signature. The main change is that rather than swiping, you’re inserting your card and following the prompts. So, at a couple of levels, we’re working with the EMV migration form to come up with standard communication that will go out to acquirers, processors and merchants that will have the 3-step simple process.
In other markets, we’ve seen a nice migration to contactless at the same time. If it’s the case where speed is important to the merchant, bringing in contactless with limitless will remove that worry about inserting, waiting, and removing.
KW: How will this work in restaurants in the U.S.?
OM: Well, in my native country of Canada, we followed the implementation of mobile devices in Europe, implementing mobile handheld sets carried to the table by the server. The cardholder inserts their card and follows the prompts, and the added benefit is it has the option of calculating tip by percentage or dollar amount – you no longer need to calculate in your head. I know people have really liked that, and the servers like it too because a lot of customers default to a 20 percent tip. So they’re seeing their tips increase, and they’re not being viewed as the place of potential compromise, as before they walked away with the card, out of the consumers’ view.
KW: You mentioned mobile. Do you think this whole migration to EMV and a different consumer experience with the plastic card will accelerate the move to mobile?
OM: Actually, we’ve seen a nice opportunity to update the infrastructure. The fact that we’ve seen 1.6 EMV cards in market to date is really just a byproduct of the fact that that was the only form factor that had its place over the last 18 or 19 years. The exact same application that resides in our payment chips card is what is in a mobile phone – the same security, the same network message that carries it. Once you build it for EMV, you’re also building the same structure for mobile and potentially in the cloud, other ways of paying. It’s not really a “We’ve done EMV and now we don’t have to do something else,” or “We’ve done EMV and now we have to do something more from a security perspective,” it’s really just that we’ve built a baseline platform for security and now we can start doing things like mobile.
As an example, in Canada, we now see more than 17 percent of transactions being contactless, and a result we’ve seen mobile projects from various issuers. From a consumer perspective, they’re really looking for two things: convenience and security. So if you’ve got security already checked off with EMV, then convenience really does come with mobile, and the potential value-added applications that come along with it.
KW: What do you think we can take away from the experience in other parts of the world that will make this a smoother process in the U.S., recognizing that it is a different point of time and there’s a different consumer expectations?
OM: The main thing that we’re seeing is the “do it once, do it right” lesson. If you’re a merchant and you’re already undertaking the expense and rigor to update your POS infrastructure and you’re getting a device that supports contactless, you might as well go ahead and turn on that contactless. There will absolutely be more mobile handsets enabled for payments going forward, and there will be more EMV cards that are more secure. It will come to a point where consumers will notice the merchant that is enabled for the more secure technology versus those that are not. From an issuer perspective, it’s the same thing. Don’t look to do the bare minimum, but look to your business requirements and maximize your investment.
To listen to the full podcast, click here.