There are less than 300 days left until the liability shift for US credit and debit card payments occurs, but it appears that consumers and their credit and debit card issuers are not exactly on the same page when it comes to the sense of urgency around making EMV-enabled payment technology a reality.
With each new security breach, consumers are becoming more aware some painfully so of the security and fraud issues that come with traditional magnetic stripe credit and debit cards. As companies like Home Depot and Target have learned, consumers are starting to demand upgraded cards sooner rather than later.
In fact, a recent Gallup survey shows that nearly 70% of Americans worry "frequently" or "occasionally" about having a credit card compromised by computer hackers, and research from the Aite Group and ACI Worldwide, says that a full 42% of Americans have actually experienced some form of payment-card fraud in the past five years.
But take a look at any one of many industry surveys and that sense of urgency quickly seems to fade away:
Slow start, slow finish: EMV has been used around the world and on the radar in the US for years, but the EMV Migration forum reported that at the end of 2013, only about 20 million or less than 2% of cards had been re-issued as EMV cards. Javelin Strategy & Research doesnt expect the number for credit or debit cards to get above 30 percent by the end of 2015 three months after the liability shift.
Smaller retailers are way behind: Javelin has reported that only 20% of small merchants said theyd be ready for EMV in 12 months and 50% said they had little to no knowledge of the liability shift.
Why this disconnect between consumer sentiment and card issuer action? You dont have to look far for the justifications that organizations have delayed, including the fear of investing in payment methods that are on the way out, and the cost of the transition. Here are three of the most common reasons and why this kind of thinking wont protect cardholders or their customers in the future.
Reason #1: All the fraud is migrating to Card Not Present (CNP) transactions anyway. While its widely known that hackers and thieves migrate to the point of least resistance in any system, but right now, they have their pick of the lot. There are roughly 1.2 billion credit and debit cards in Americans hands today, and research firms estimate that as many as 70 percent of those cards still wont be EMV enabled by the end of 2015. Thats a big enough pie for hackers to focus on until they are forced to move on.
So if you are trying to run out the clock on the need for EMV, you are putting your cardholders and your program at risk. Just like fraudsters, liability shifts to the weakest point in the system come October 2015, and no sound business plan includes playing that role.
Experts across the payments industry agree that the transition to EMV is the best way to reduce fraud for card present and future mobile transactions, and they also concur that the transition will take time. But the EMV transition process is complex and time consuming. Card issuers must get started now to avoid being on the wrong side of the data in 6-12 months.
Reason #2: Its too expensive to purchase and store EMV-enabled cards as inventory. This is probably one of the easiest excuses to eliminate, regardless of card program size. Worried about carrying a huge up front cost when you purchase EMV card inventory? Then dont. Purchase inventory up front, that is.
Its true, the physical cost of an EMV card is estimated to be 3-8x more than magnetic stripe cards, and EMV cards like other cards typically have a 2-3 year self life based on expiration dates. Maintaining bulk card inventory means an expensive pile of plastic sitting on your balance sheet that can quickly become a liability.
But modern technology has completely eliminated the need for large stockpiles of card inventory EMV or otherwise. Just like Walmart and Amazon.com, and the auto industry before that, have become famous for their mastery of just-in-time inventory management solutions, so has the card production and personalization industry. Just-in-time or on-demand production models eliminate large up front inventory costs along with the incremental cost and risk of storing cards for months or years, only to see a percentage of that inventory become obsolete as regulatory disclosure requirements, consumer preferences, or program needs change.
Reason #3: Apple Pay is putting mobile payments on a fast track and cards will soon be obsolete. There are two main reasons that this excuse doesnt hold water. First, almost everyone knows that when Apple shines a light on a product sector or industry, just about everyone hears about it, and consumers become much better informed about the technological resources available to them.
Consumers already have a more heightened sense of awareness about mobile payments and Apple Pay in particular, which uses your existing credit card data to make payments. And even though these first months have gone smoothly at point of sale for Apple, even the most devoted Apple follower out there knows that iPhones are not perfect nor are humans (nor point of sale equipment for that matter). The chance of a software or hardware glitch, running out of battery, dropping your phone in an, er, glass of water, or other mishap, makes it unlikely that even the most committed Apple Pay users will completely abandon their physical cards anytime soon.
The second reason has been widely discussed in the news recently. We know that not all vendors are accepting Apple Pay. Major retailers that are part of the Merchant Customer Exchange, including WalMart, Best Buy, CVS and Rite Aid have made it clear they have no current plans to accept Apple Pay in their stores, while they continue to work on bringing CurrentC to market as an alternative to the major credit card networks. While this solution admittedly eliminates credit cards from the mix altogether, CurrentC is far from ready for public use, and a security breach publicized last month isnt helping their cause. Even if CurrentC comes to market in the next two years, theres still much to be determined about how customers financial data will be secured.
It's Time to Act.Visa, MasterCard, and AmEx are already working with large issuers to transition to EMV, and it is likely that smaller and mid-sized companies will end up in the long queues that follow these behemoths. Since these more moderately sized organizations wont create as much revenue for the production companies, they will not be as high of a priority.
A lot can happen in a year, and as thieves are aware of the shift every bit as much as we are, its likely well continue to see breaches occur. It makes much more sense to protect yourself now. And protect your card users.
Render Dahiya is CEO of Arroweye Solutions.