Cash's decline creates new roles for EMV specifications
Perhaps the most significant trend for face-to-face payments during the pandemic has been the increasing reduction in cash usage. Consumers have shifted from cash to card payments, a method that many retailers prefer during this time. This shift falls in line with guidance from global public health bodies for consumers to use alternatives to cash where possible.
In particular, we are seeing a growing preference for payment methods that limit contact to help remove any physical interaction at the point of sale. This includes EMV contactless transactions and QR code-based payments.
At EMVCo, our role is to provide a common and secure foundation for development and deployment of these and other forms of card-based payments. We expect the trend toward payments that limit contact to continue beyond COVID-19, and our focus is to evolve the EMV specifications to support the future requirements of the payments industry.
For example, in response to feedback from our community of associates, we have established a dedicated task force to explore how EMV specifications can support the use of wireless technology such as Wi-Fi and Wi-Fi direct, Bluetooth Low Energy (BLE) and mobile data. This could enable in-store payments without the payment device (e.g., a smartphone) being in immediate proximity to the payment terminal.
Not all EMV chip transactions require a PIN. Although EMV chip is often associated only with PIN, the specifications support various types of cardholder verification methods (CVMs). These include online and offline PIN, no verification and signature, as well as multiple biometric verification types including fingerprint (via the cardholder’s own device, including a mobile phone), iris, voice and facial recognition.
EMV specifications also support Consumer Device Cardholder Verification Methods (CDCVM), which enable consumers to verify themselves using the authentication capabilities of their own mobile device. For example, the fingerprint reader you use to unlock your phone can also authenticate your payment.
Since every marketplace is different, the EMV specifications need to support global, regional and local requirements. In my native Australia, it has been the case for some time that most card-present transactions are contactless with no cardholder verification method required.
With COVID-19, we are now seeing this trend reflected across other marketplaces. In the U.S., there has been a significant uptick in contactless transactions as consumers are understandably cautious about entering their PIN or signing their name. The inherent flexibility of the EMV specifications supports these changes in consumer behavior and merchant preference.
In recent years, the EMV specifications have evolved beyond EMV chip and now enable industry participants to develop and use secure and convenient payment methods across face-to-face, e-commerce and digital environments.
EMV specifications for e-commerce and digital payments include EMV® 3-D Secure (EMV 3DS), EMVSecure Remote Commerce (EMV SRC) and EMV Payment Tokenization, all of which are playing an important role in helping consumers and merchants move online quickly and securely in these challenging times.
There has also been a significant increase in demand for online commerce, with lockdowns and social distancing regulations changing the way we shop.
The EMV SRC Specifications enable a common consumer e-checkout, described as click to pay, and provide the opportunity for all merchants globally, regardless of size, to offer trusted, safe and convenient card-based payments to consumers shopping online. This includes large retailers, but also mom-and-pop stores that are potentially accepting online payments for the first time due to the pandemic.
It is also evident that as e-commerce transaction volumes increase and opportunistic fraudsters target points of weakness, CNP fraud is on the rise. EMV SRC accommodates options for using dynamic data, such as cryptograms or other transaction unique data, to enhance the security of payment transactions on a merchant’s SRC-enabled website, mobile app or other e-commerce platform.
EMV 3DS helps address fraud with technology that enables consumers to authenticate themselves with their card issuer when making CNP purchases. This can help prevent unauthorized transactions while minimizing friction. We are committed to evolving the EMV specifications to meet the requirements of different sectors and industries. For example, we have worked extensively with the travel industry to support their fight against transaction fraud, with the EMV 3DS Travel Industry Message Extension guidelines specifically describing how travel industry merchants can provide additional travel-related data to issuers for use in risk-decisioning.
Finally, EMV Payment Tokenization enhances the underlying security of digital payments by replacing the primary account number (PAN), information that can be used by criminals to commit fraud, with a unique payment token that is restricted in its usage.
Ensuring safe, convenient and reliable payments has arguably never been as crucial, and EMVCo testing and certification programmes help to promote this confidence and stability across the industry. For this reason, in response to COVID-19, we moved quickly to ensure that EMVCo accredited laboratories and testing facilities can continue with their evaluation and testing programs despite lockdown and social distancing restrictions.
Beyond supporting immediate short-term requirements, our various testing and certification program initiatives will address evolving payment card acceptance requirements for all industry stakeholders. To name just a few, this includes promoting interoperability for emerging payment form factors like smartphones and wearables, accelerating go-live for new and updated terminals, enabling a good consumer experience when Commercially Available Off the Shelf (COTS) devices like mobile handsets are used as a payment terminal, and promoting security for software-based device payment applications and IoT products.
EMVCo continues to carry out its work in collaboration with the hundreds of global organizations that represent the payment industry and participate as EMVCo Associates and subscribers, as well as directly engaging with technical bodies including FIDO Alliance, NFC Forum, GlobalPlatform, PCI Security Standards Council and World Wide Web Consortium (W3C).
And while COVID-19 restrictions have impacted our ability to conduct in-person meetings and events, we have adapted to provide online forums for engagement to ensure we are receiving the industry feedback that is vital to the ongoing development of EMV specifications.