Momentum Builds For U.S. EMV Card Issuance
Momentum for the EMV smart card security standard, common in many European countries, grew this week with JPMorgan Chase & Co. and Wells Fargo & Co. announcing plans to start issuing EMV cards to U.S. customers this summer.
They join a few smaller financial institutions that have already begun doing so, but merchant adoption of the chip-based technology will remain anemic for the foreseeable future.
For consumers to fully gain the added security benefits of EMV Integrated Circuit Card Specifications, which involves storing credentials on an encrypted chip, most U.S. merchants would need to upgrade to terminals that can read the cards.
Chase and Wells Fargo say they are issuing EMV cards to help U.S. customers that have problems using their magnetic stripe cards internationally. At this stage, they are not promoting EMV for domestic use.
“This particular announcement and this particular technology is just much more focused on our international travelers and the reality of the overseas payment environment,” David Porter, Chase general manager of card services, said in an interview.
“We’re not looking to the future necessarily here,” Porter said. “It’s just looking at the present.”
The fact that two major U.S. card issuers are throwing their weight behind the technology is not a compelling enough reason for retailers to take similar steps, experts say.
“Merchants have got to spend money,” says Eric Grover, a principal with payments consulting firm Intrepid Ventures in Minden, Nev. “You have to mandate, or you have to say, ‘Look, we’re going … to do a liability shift.’”
Chase on April 14 said it plans to begin issuing an EMV version of its Visa-branded Palladium credit card, offered to its private, investment, treasury and commercial banking clients, starting in June (see story). It will add other Chase-branded cards marketed at frequent international travelers, such as airlines rewards cards, later in the year.
Porter declined to say how many cards the company plans to issue.
Chase is using an EMV specification called chip-and-signature, which allows a cardholder to authenticate a transaction by signing for it as they do with the more common mag-stripe credit cards today.
The more common authentication method for EMV is chip-and-PIN, meaning a cardholders must enter a PIN to complete a transaction.
“We just wanted to make that as easy and hassle-free process as possible,” Porter said about the decision to forgo using a PIN.
Requiring a PIN “absolutely adds” an extra layer of security, but PIN authentication is not a requirement to meet EMV standards, says George Peabody, director of the emerging technologies advisory at Mercator Advisory Group in Maynard, Mass.
“The choice to do chip-and-PIN versus chip-and-signature is really an implementation decision on the issuer’s behalf,” Peabody said. “That is configured on the chip itself.”
Regardless, “signature EMV is a huge improvement over mag-stripe” security because it better protects payment data, Peabody says.
Using a PIN to conduct debit card transactions is familiar in the U.S., but it is a less common concept for U.S. credit card users, Peabody adds.
“It does exist for cash advances at ATMs, but no one knows their [credit card] PIN,” Peabody says.
Wells Fargo, which announced its plans on Wednesday, says it will issue 15,000 EMV cards to consumer credit cardholders who are frequent international travelers (see story). Its cards will allow users to conduct both chip-and-PIN and chip-and-signature transactions, a spokesperson for the San Francisco-based banking company said.
Additionally, both Wells Fargo and Chase are including mag stripes on their cards so customers can use them at U.S. merchants, most of which have not enabled EMV capability at their stores.
Some large U.S. retailers, including Wal-Mart Stores Inc., have advocated the adoption of chip-and-PIN cards. Wal-Mart has installed terminals that could read the EMV cards.
“While we are pleased to see movement in the U.S. to the global EMV standard, we envision the most robust authentication environment to be chip and PIN only, with no mag stripes or signatures,” says Jamie Henry, the senior director of payment services at the Bentonville, Ark.-based retailer. “The most recent announcements are targeted to international travelers, but no solution will be complete until all U.S. consumers can benefit.”
Chase’s and Wells Fargo’s announcements add to the small roster of financial institutions that have been offering EMV cards on a smaller scale in the U.S., including State Employees’ Credit Union in Raleigh, N.C., and United Nations Federal Credit Union, which caters to U.N. employees.
Travelex Currency Services Inc. last year announced plans to offer MasterCard-branded prepaid EMV cards in foreign currencies at 180 U.S. retail locations (see story).
More large issuers are likely to follow suit as they look to appease their cardholders who have been spurned when trying make payments while traveling abroad, says Patricia Hewitt, director of the debit advisory service at Mercator.
“American travelers overseas are having problems,” Hewitt says. “They’re calling issuers and saying, ‘We don’t want to have to switch to someone else’s card or carry another card and we want to be able to transact easily overseas.’”
Offering EMV cards may not be enough to attract customers from other banks, but it helps solidify relationships with clients that travel frequently, who “can represent a more profitable account opportunity” for issuers, Hewitt says.
Hewitt and others are skeptical that moves by Chase and Wells Fargo will prompt U.S. merchants to upgrade their payment terminals to accept EMV cards.
The costs for retailers can be significant and the amount of fraud that results from physical point-of-sale transactions versus online commerce–which EMV does not address –is smaller, Grover says.
“EMV … has some efficacy at the point of sale, but … it doesn’t address the online environment, where the fraud problem is an order of magnitude greater,” Grover says.
What do you think about this? Send us your feedback. Click Here.