The State of EMV in 2016: One Year After the Transition
Where Do Merchants Stand on the Anniversary of the EMV Liability Shift?
It’s been more than a year since the EMV liability shift rolled out in the U.S. on October 1, 2015. In that time, the new chip-enabled cards have seen their share of well-publicized problems, including uneven implementation, software bugs and customer complaints about long wait times during the in-store checkout process.
So, what does the landscape look like now that we have a chance to reflect on the process more objectively?
Brick-and-Mortar: EMV Adoption Still Lags Due to Certification Backlog
According to MasterCard, approximately 80% of their U.S. cardholders had been upgraded to new EMV chip-enabled credit and debit cards by August 2016. The company points to a 60% decline in counterfeit card fraud among their top five EMV-compliant merchants as evidence that the technology is working to fight back against fraud.
Unfortunately, merchants have not seen that same degree of progress. By the first anniversary of the EMV liability shift on October 1, 2016, only 30-40% of all U.S. merchants had active EMV-compliant machines which were authorized for service by the card networks.
Even now, the process of certifying merchants’ card equipment continues to stall progress. In fact, more than 50% of in-store merchants report that despite having the new equipment installed, they cannot activate it as they are still waiting on system certification from the card networks. Of those merchants, 60% have waited on their certification for more than six months.
Despite these merchants doing everything possible to be compliant, the process continues to move slowly, leaving brick-and-mortar merchants liable for fraud attacks. However, while the situation is not good for card-present sellers, the EMV shift continues to have a seismic effect on the card-not-present environment.
eCommerce: Rapid Rise in Fraud Following EMV Rollout
Despite the fact that eCommerce merchants do not deal directly with EMV chip cards, the transition had a powerful effect on the market over the last year nonetheless.
According to the recent Global Fraud Indexâ„¢ report from Forter and PYMNTS, online fraud exploded in the year since the EMV liability shift took place in the U.S. Fraud attacks during Q1 2016 were up 26% over the same time the previous year, with $7.30 at risk per every $100 in sales—an astounding 386% increase YoY.
As if that weren’t bad enough, digital goods merchants fared even worse, with fraud attacks involving digital goods up 186% over Q1 2015. All totaled, digital goods merchants lost $10.50 to fraud per $100 in sales during Q1 2016. What is the cause of this dramatic increase?
As Convergys Vice President Ron Andrews explains, “In terms of identity fraud, we’re certainly hearing about an increase in that space, and some of that is EMV related.” The primary reason for this increase is, as the slow-but-steady rollout of EMV technology continues, the once-preferred criminal fraud method of producing counterfeit cards is less and less viable. Criminals tend to prefer the road of least-resistance, which is now the card-not-present market.
To back up that assertion, overall, online merchants saw 34 fraud attacks per 1,000 transactions in Q1 2016—a 126% increase over the previous year. To Andrews and other industry experts, it’s clear that EMV technology led to an increase in online fraud.
“What we’re seeing now in the U.S. market actually mirrors much of what we saw in Europe, Canada and other locations when EMV chip cards were introduced,” says Chargebacks911™ COO Monica Eaton-Cardone. “As it gets harder and harder to commit card-present fraud using counterfeit cards, fraudsters just start refocusing their activities online, where security is comparatively weaker.”
What’s in Store for EMV Going Forward?
Some experts anticipate that more than 90% of payment cards in the U.S. will have been upgraded to EMV-enabled chip technology by the beginning of 2017. However, the point at which most brick-and mortar merchants will be EMV-compliant is still considerably further down the road—possibly not until 2020, by many estimates. As a result, card-not-present merchants will continue to see increased fraud rates remain steady.
It is recommended that merchants take steps immediately in order to control their risk. Fraudsters are presently in a mad dash to burn through counterfeit payment cards while they are still viable, but they are turning their long-term attention toward eCommerce.
Technologies such as 3D Secure and card security codes are highly recommended for merchants conducting card-not-present transactions. However, these aren’t the only tools at merchants’ disposal.
For example, merchants would benefit from embracing mobile wallet apps like Apple Pay and Samsung Pay. These technologies can be used to make online purchases, and because they utilize biometric technology, requiring a fingerprint in order to authorize a transaction, can be considered much safer than other payment methods.
EMV is Here to Stay
The U.S. was the last major market to get onboard with EMV chip technology, and while it’s still new to many Americans, EMV is already an accepted reality in much of the world. Like it or not, EMV is not going anywhere—merchants will need to adopt the necessary solutions to address that fact.