Post image for Fake Out – You Can’t Put Your Card in that EMV Slot

Visa’s CEO recently reported that more than 750,000 locations, representing 17% of the U.S. face-to-face card-accepting merchant base, are accepting EMV chip cards. While everyone in the industry agrees that it will be quite a while before the numbers reach “critical mass” (whatever that means to you), there are two key questions for today. The first is pretty easy to answer; the second, perhaps, not so much:

  1. Why haven’t more merchants installed EMV-capable devices?
  2. Why are there so many EMV-capable devices already installed that have not been enabled to actually accept chip cards?

The first question has been discussed more extensively and the answer is a combination of factors:

  • Almost every new terminal deployed these days is EMV-enabled, but the millions and millions of terminals at “mom and pop merchants” have a very long useful life – 7 years gets quoted quite often. Why incur the expense and hassle of upgrading when you are highly unlikely to ever see a counterfeit card? I don’t think the local dry cleaner, daycare center, or dog groomer is particularly worried. Having said that, Glenbrook has had many conversations with our larger merchant clients who have chosen to implement EMV because they are worried their customers might think they don’t take security seriously. Reasonable people can disagree whether their customers will even notice or care (with the likely exception of Target customers), but one can certainly respect the position of these merchants.
  • ISOs and acquirers have only recently been out there in force, trying to get their installed base of merchant terminals upgraded. But the timing has been off. Smaller merchants who had never heard of EMV didn’t quite get the message until September, a month before the liability shift, or when they received chip cards of their own. By then, there were reports of terminal shortages (since resolved).

Fair enough.  But what about my second question?  Why do I encounter so many terminals that have the EMV hardware installed (pretty much anything deployed in the last few years) but have not yet been enabled to accept chip transactions?  You don’t have to look too hard to find them – they’re at McDonald’s, Safeway, and a slew of other merchants huge and small.  Why are they not performing EMV transactions? There are a number of reasons:

  • Make Someone Else the Trainer. Some merchants, particularly the large ones, don’t want to “educate America” on how to perform an EMV transaction. This was especially acute during the holiday season. They see EMV as just slowing down lines and chose to wait until consumers learned what to do—and do it quickly—at someone else’s store.
  • Big Effort. EMV deployment is a big project for large merchants. POS systems need to be modified and often upgraded and always certified (no small nor quick task). Clerks have to be trained. These POS change projects usually span years, not months. Many pieces to the EMV puzzle, particularly regarding debit, were not in place in time for the liability shift deadline.
  • Hurry Up and Wait. Many, many, many integrated POS systems (IPOS), especially the electronic cash register software for these systems, were just not ready in time. Even if the software was ahead of the game, they faced long certification queues at many acquirers. I believe this is going to be a problem for a while.
  • Waiting Tables. Restaurants pose unique challenges. There are staggering numbers of large and small restaurants with terminals capable of taking chip cards, but unfortunately, the software is way behind, often due to the added work needed to deal with tips and tip adjustments. Many in the industry believe the POS software firms serving the restaurant industry simply underestimated the time and effort required to accommodate EMV. These are many of the same companies, mind you, that already support EMV in Europe and beyond. And of course, once complete, each still needs to be certified by a plethora of acquirers. And that takes time as one of our huge national restaurant chain clients knows. They won’t have an EMV-enabled solution ready until late 2016.

I think it’s interesting to talk to fellow payment geeks who simply shrug their shoulders and say “whatever, who cares about cards? we’ll all be using our phones to pay soon enough.”

I’m definitely not in that camp, but some of my colleagues at Glenbrook do joke that if you really want to make contactless look good, make the alternatives look worse. I think we’ll all get used to dipping and waiting at the POS, but the truth in that humor points directly at the spread of contactless in Canada and the UK.

Let me know your thoughts!

6 Responses to “Fake Out – You Can’t Put Your Card in that EMV Slot”

  1. Joel Friedman says:

    Thanks for writing about the second question. One gets the impression that EMV is DOA.

  2. Craig Lawrance says:

    To your point of card payments moving to phones before very long, there’s a key element here to consider. Phone-based payments at the Point of Sale such as ApplePay really require EMV to be supported as they do in Europe. In other words… if your terminals are going EMV anyway, they’ll next need to support EMV-based contactless card transactions which in turn provides for contactless phone payments. Most EMV terminals now come with built-in contactless; again it’ll be a question of certification.

  3. mark horwedel says:

    You forgot to mention the networks came up with these overly aggressive dates in order to deliver a Christmas present to the issuers called “liability shift”. How the hell was it rational or reasonable to fix a date when they had no plan to accommodate Durbin routing? Answer–Merry Christmas, issuers!

  4. Dennis says:

    EMV is a joke. Cram a stolen card in the slot, and not only will it authorize, but the operator “trusts” the technology, and there is NO ID check, or signature verification. EMV just makes physically stolen cards easier to use (harder to duplicate), but MUCH easier to use. The carders will switch from cloning to pickpocketing.

  5. Not pretty but factual

    · ISOs used the EMV scare tactic to sell EMV “ready or capable” terminals, with an EMV slot yet no, yes NO EMV contact reader much less no contactless or NFC reader.
    · FIs and ISOs both sold EMV terminals with contact and contactless readers with the expectation that the processor would update current applications for those devices sold as “future proof”. Contra, the hardware manufacturers convinced the processors that only new terminals with ever more memory were required for new EMV software applications.
    · NOTE: The reason hacking software today is so prevalent is because code is less tight, sloppier and sloppier with each rendition. Throw more memory at it
    · Many within the industry also expected to add an EMV peripheral, combo EMV/PED or with added signature capture function to existing terminals.
    · The card associations bear partial responsibility by constantly moving the EMV implementation target date along with other dates in addition to changing the rules at will then introducing interoperability with no end date.
    · The majority of main street merchants don’t care nor will they be impacted by the liability shift. The few MSR (mag strip reader) fraud transactions they incur are merely a cost of doing business. Enter the card associations shooting themselves in the foot, as they often do, by introducing interoperability.

    Merchants are extremely frustrated at being taken by over zealous sales people pushing incapable technology, the all too frequent hardware and software update, recent hardware purchases becoming obsolete within months of purchase, the industry’s in ability to convey one message consistently (fraud is up from one group, fraud is down from the same group just a different division) while preaching security like a tele-evangelist, implementing chip and signature and not the more secure chip and pin.

    If card payments were not so ingrained into the consumer’s psychic, merchant would be switching to cash if they could because literally every aspect of the electronic payment industry is in such disarray.

    Imagine doing your 2015 income taxes based on rules that will be introduced then modified after you file your taxes. Welcome to the merchan’t view of the electronic payment industry.

    And we’ve not touched on mobile payment, the ever changing prepaid landscape, debit: pin no pin, antiquated and arcane rules on on-line payments and the list goes on and on.

    Technology is changing faster than most consumers and especially businesses can absorb much less apply. It’s classic information overload. A decision today based on the relevant facts today is negated in less than 24 hours by the new truth tomorrow.

  6. David True says:

    To additional points:

    1) a good number of terminals we installed before they were certified with all payment networks; so the hardware is in place, but works for V/MC and not Amex/D

    2) Some issuers are taking advantage of liability shift to classify non-fraud chargebacks as fraud, and thus shift responsibility to merchants– exploiting network rules. This will become more and more visible issue during 2016

Leave a Reply

Previous post:

Next post:

Clicky Web Analytics