While the clock is ticking down toward the October 2015 EMV liability shift, an increasing number of analysts are questioning whether the majority of U.S. merchants will convert by that deadline, or at all.
According to reports in Banking Info Security, though the forthcoming shift will mean that issuers or merchant that do not support EMV will assume liability for fraud that is the result of a compromised mag-stripe card transaction after October of next year, that potential cost alone is not acting as a significant enough motivator, particularly for small banks and retailers.
“Community banks are evaluating what the liability shift means for them, and they are balancing that against the cost of issuing chip cards, as well as evaluating the cost of services related to issuing those cards,” says Cary Whaley, vice president of payments and technology policy for the Independent Community Bankers Association.
Smaller merchants face a similar issue – with relatively low card transaction volumes, the costs of upgrading to accept EMV cards could very likely outstrip the potential future costs related to fraud.
EMV enthusiasts however, continue to stress that as long as the badly out of date mag stripe card is out there, payments are just going to be less secure.
“The number of cards and terminals is important, but the more important metric to pay attention to is the percentage of chip-on-chip transactions, meaning the volume of EMV chip cards used at chip-enabled POS terminals,” said Randy Vanderhoof, executive director of the EMV Migration Forum. Senior Vice President of Risk Management Policy for the American Bankers Association Doug Johnson predicts 50 percent of the nation’s debit and credit cards will be chip-enabled by year’s end, but others, like Gartner’s Avivah Litan think that is a rather optimistic assessment.
“I don’t buy into projections that 50 percent of U.S. cards will be chip by the end of the year,” she says. “That’s way too aggressive. Maybe 50 percent of the merchant terminals will be chip-enabled, but they won’t be turned on.”
On the issuer end, large banks seems ahead of the EMV curve and are will have chip-enabled cards to market long before most merchants are ready for them.
“But we will see many smaller issuers and many, many retailers fail to be EMV-compliant by the end of this year,” contends Shirley Inscoe, a fraud analyst at the consultancy Aite.
So what are the takeaway stats? Depends on which group you ask. Forecasters’ estimates for how much EMV migration progress will be made this year vary widely. Here’s a sampling:
The EMV Migration Forum estimated that 2014 by its end saw about 120 million of the 1.2 billion credit and debit cards (about 10 percent) in U.S. circulation were EMV-chip compliant. The forum further estimated that 4.5 million of the approximately 12 million U.S. merchant POS devices were apparently EMV-ready by the close of 2014 – or about 38 percent.
Going forward, the group forecasts that the U.S. will have 600 million chip cards in circulation and 7 million EMV-compliant POS terminals in operation by the end of 2015. For those keeping track that is about 50 percent of paycards, and 58.3 percent of terminals.
The Merchant Advisory Group, on the other hand, says only 15 percent of the 13.9 million POS devices at U.S. merchant locations are now EMV-capable, and it predicts that figure will grow to just 20 percent by the end of this year, says CEO Mark Horwedel.
For yet another poke at the numbers, Aite is most optimistic in their projections that by the end of this year, 70 percent of the country’s credit cards and 41 percent of debit cards will be EMV-enabled (55 percent combined pay card average), while about 59 percent of POS terminals will be chip-enabled.
It also bears mentioning that though EMV is very much on the agenda for 2015, an increasing number of those in financial security are already looking past it. Some, like Johnson, think EMV is an important step but also one that he is eager to get beyond.
“Frankly, what I look forward to is getting past EMV and looking toward our move with tokenization,” he added. “That is where the bigger bang for the security buck is going to be. EMV only addresses part of the puzzle.”