The recent spate of retailer data breaches demonstrates the need to embrace security methods such as EMV-chip cards and tokenization to protect transactions, Visa CEO Charlie Scharf told investors on Jan. 30.
"People don't live in a vacuum," Scharf said during a conference call to discuss fourth-quarter earnings. "When you see the kinds of breaches that [the market] has seen, you want to make sure we're all doing all that we can to minimize fraud in the future."
EMV cards, commonly called chip-and-PIN, improve security by making cards more difficult to counterfeit. Tokenization is a method of replacing card data with a secure "token" as it is processed; this token can't be reused to clone cards, and thus is a less desirable target for fraudsters.
Visa has set an Oct. 2015 deadline for most U.S. merchants to be able to accept EMV payments (fuel merchants have an extra two years). Merchants who miss their deadline face an increase in fraud liability. Scharf confirmed that Visa plans to stick to this deadline; MasterCard also confirmed the same timeframe this month.
While merchants have pushed back against aspects of the EMV migration in the U.S., the standard would make the entire payments system safer, Scharf said. "There's new cards, new terminals, new software development, we do understand it's expensive but it's necessary," Scharf said.
When asked if EMV would have prevented the recent data breach at Target, Scharf was non-committal, positioning EMV as broad preventative security measure rather than something that would have stopped a specific incident.
"Not all of the facts on Target are out yet, so it's a little premature to talk about what would have prevented it," Scharf said, adding that some of the recent incidents did not relate to the merchants' payments systems, but instead their server environments. "EMV would have nothing to do with that," Scharf said, adding EMV would mitigate the ability of attackers to use stolen account numbers to create new cards.
After Target reported a breach of 40 million card accounts, Neiman Marcus and Michaels reported that shoppers at their stores may have had their information compromised as well. Target has also reported that the personal information of up to 70 million shoppers was additionally compromised.
Visa is also part of a card network-driven effort to replace account numbers with a digital token for card-not-present transactions, such as online shopping.
The card networks are also proposing the use of data fields to provide richer information about the transaction to inform fraud detection and expedite the approval process; consistent methods to identify and verify a consumer before replacing the card number with a token; and a common standard to simplify the process for merchants to offer contactless, online or other digital transactions.
Visa is is also tweaking its V.me digital wallet to make it easier for consumers to make digital payments. The upgrade is designed to improve merchant integration.
"We want to make it easier to get to market," he said, adding Jos A. Bank, Ticket Master and Auto Zone were among the initial merchants to adopt the updated version of V.me. There are currently 300 signed merchants for V.me and 80 are live, Visa said.
For the quarter ending Dec. 31, Visa reported revenue of $3.2 billion, or 11% growth over the prior year. Earnings increased 9%, to $1.4 billion, and operating earnings per share grew 14%, to $2.20 per share. That was better than Thomson Reuters' estimates of $2.16 per share and revenue of $3.13 billion. Payments volume growth was 11% over the prior year, reaching $1.2 trillion, while total transactions processed were up 13%, to 16 billion. Visa's guidance for fiscal 2014 includes net revenue growth in the low double digits, or 10% to 13%, said Byron Pollit, Visa's CFO.