Three years ago this month, the credit card industry introduced new liability rules designed to reduce payment card fraud. In 2015, traditional plastic was still widely used throughout retail, but these older cards relied on magnetic stripes that could easily be cloned, manipulated or erased.
In effect, “magstripe” plastic was seen as too vulnerable.
Thus, the payment industry wanted merchants and consumers to adopt EMV credit card processing. These newer cards came with security chips that were very difficult to duplicate. To initiate an in-person purchase at the checkout counter, the card (and chip) had to be physically present.
In markets that had already adopted the EMV credit card standard, in-person fraud had plummeted. In October 2015, the U.S. payment industry followed suit with its own liability guidelines. Although these rules weren’t officially mandatory, they shifted the burden of responsibility onto whichever party was using the less secure payment technology:
- Merchants that weren’t EMV-ready had to pay fines and cover losses — if and when fraud occurred within their payment environments.
- Card-issuers whose customers didn’t have chip-enabled plastic had to pay those same fines and losses — whenever fraud occurred.
Yet the question remains — was this shift ultimately good for the industry?
Let’s take a look.
EMV Credit Cards: 3 Years Later
Despite very clear (and expensive) incentives, the shift to EMV payments was surprisingly slow. This was especially true among smaller merchants — many had a tough time justifying the expense of upgrading their legacy readers with newer EMV terminals.
In fact, experts predicted that retailers nationwide would have to spend an estimated $2.6 billion on hardware costs alone. Add to this the additional expense of retraining employees and educating customers — and it’s easy to understand why there was so much initial resistance.
Even three years later, EMV credit card adoption still hasn’t hit 100 percent. Most agree that it never will. Though according to Visa’s U.S. retail numbers, EMV cards represented roughly 97 percent of in-person payment volume in June 2018.
Though impressive, that statistic is somewhat misleading since EMV credit cards only reflect one side of the transaction. There are still many merchants that haven’t made the switch — although the numbers are quite promising:
- In September 2015, fewer than 400,000 retailers used EMV terminals.
- In June 2018, that number hit 3 million merchants — a 680 percent increase.
It’s estimated that roughly 60 percent of all U.S. brick-and-mortar merchants have now adopted the more secure EMV credit card standard.
EMV Payments and Fraud Reduction
As expected, in-store credit card fraud plummeted following the “unofficial” adoption of EMV payments. From September 2015 to March 2018, fraudulent losses fell by an estimated 75 percent — and that was the whole point.
Though in many ways, EMV credit cards have made fraud worse.
For example, card-not-present (CNP) fraud went up following the new liability rules — and the reason behind this is simple: When shopping online, by phone or via mail, the EMV card’s embedded chip doesn’t offer any security advantages over its magstripe counterpart.
Criminals exploited this fact by increasingly moving their operations online. Within just one year of the new liability rules, CNP fraud shot up by 40 percent, and that trend hasn’t reversed course since.
EMV Adoption: Paving the Way for Newer Payment Options
EMV cards were initially introduced to reduce fraud, but their adoption indirectly paved the way for faster and more convenient payment alternatives.
For example, most EMV terminals also come equipped with near field communication (NFC) technology. This means merchants can use their EMV readers to accept contactless payments made through:
- NFC cards
- Wearable devices
Although none of these contactless payment methods are inherently more secure than EMV payments, they’re much faster to process. For consumers and retailers alike, this means shorter lines.
Moreover, the success (and limitations) of EMV credit cards have prompted the industry to take an even closer look at security — both the good and the bad.
For example, signatures are no longer an authorization requirement for most credit card machines. Signing your name is now seen as an archaic step that simply slows down the checkout process and wastes paper. Now, there’s a stronger push to issue more chip-and-PIN cards instead of the less secure chip-and-signature alternative.
In addition, EMV credit cards are not entirely foolproof when it comes to stopping in-person fraud. Thus, security experts have started taking a closer look at biometric verification using characteristics such as irises, fingerprints or even DNA. This may seem far-fetched, but there are already working prototypes out there.
Did the EMV Liability Shift Ultimately Succeed?
It’s probably too soon to assess the long-term impact of EMV credit cards. Although they have helped reduce in-store fraud, their introduction created unprecedented headaches for e-commerce merchants around the globe.
Moreover, their growth has helped pave the way for newer, faster and more secure payment environments.
Nonetheless, EMV cards were never intended to be a final destination. They were always a steppingstone, designed to help propel the industry forward. As criminals develop more inventive ways to circumvent today’s security protocols, the payment industry must counteract with stronger standards.
If you’d like to learn what steps you can take to protect your payment environment from fraud and abuse, schedule a free consultation with our merchant services team today.