Managing EMV Expectations
ISOs, acquirers, and other payments pros discuss the chip card implementation process to date
By Ed McKinley
Bonus Audio Content: Log in and listen to “The Impact of EMV Liability Shift—Lessons Learned Six Months Later” from TRANSACT 16. Visit http://bit.ly/1UJqVKP.
Despite some headlines to the contrary, many observers contend that the U.S. transition to EMV chip cards is proceeding at an admirable pace. For them, October 1 didn’t represent a deadline but instead served as a starting line. They point out that it has taken Eastern Europe 11 years to reach 58 percent EMV penetration. By comparison, the United States isn’t doing so badly: Thirty-seven percent of all U.S. merchants now accept chip cards, according to The Strawhecker Group, a payments consulting firm.
What’s more, defenders of America’s progress toward EMV remind detractors that the government didn’t issue an EMV mandate to hurry the process. They also note that the U.S. transition is complicated by the size of the market, which is by far the largest in the world with many more banks, retailers, ATMs, transactions, and cardholders than anywhere else.
“Everybody’s working very hard on this—everybody wants this to succeed,” asserts one executive from a major processor. Those laboring to make EMV a reality for more retailers include the issuers, processors, and card networks, she says. “Nobody benefits if this process doesn’t work.”
Chasing Chargebacks and Profits
Although ISOs and acquirers initially feared that issuers might use their newfound power to issue more chargebacks to retailers, it’s not really happening, according to Aliki Liadis-Hall, director of underwriting and compliance at North American Bancard, a Troy, Michigan-based super ISO. “From the outset we were convinced there was a ton of abuse happening at the issuer level,” she says.
Diving into the details of chargebacks, however, has shown most were valid. In some cases, someone on the issuing side has classified a charge denied by a consumer as a lost or stolen card, Liadis-Hall says. That incorrectly removes responsibility from the issuer and places it on the retailer. Acquirers and retailers can investigate those cases by checking to see if the issuer replaced the old card with a new one, she says. If that didn’t happen, it’s likely the chargeback was false, she explains, adding that error could account for such cases, too.
Besides guarding against those losses, it makes sense to search for profits. Early in the EMV transition, a few payments industry observers suggested that the technology could potentially be a profit center for ISOs, acquirers, terminal makers, and software suppliers—all of them poised to gain from providing equipment to merchants. However, that has not come to pass for merchant-services companies such as MLS Direct, an Austin, Texas-based wholesale ISO that works with 435 independent salespeople and serves 20,000 merchants. That’s because its clients have become accustomed to the free, or at least inexpensive, terminals dictated by a competitive market, says Andy Pitts, president. “It just depends upon your relationship with each merchant,” he says of the prospect of profiting from the transition. It’s possible, but not easy, to charge merchants for the equipment.
Besides supplying the terminals at little or no cost, ISOs and acquirers have incurred the expense of readying and positioning the equipment, Pitts adds. “People are spending a lot of time and energy getting merchants upgraded.”
On the plus side, time devoted to helping clients get ready to accept EMV cards can help cement customer relationships and, thus, reduce the likelihood that merchants will abscond to another merchant services provider. Pitts contends, “If you handle it properly, the merchant is going to say, ‘Hey, he’s looking out for me.’”
Still, it’s difficult for a salesperson to expedite the EMV process for 200 accounts that took years to amass, Pitts says. “You’re not going to be able to change them all out in a short period of time,” he observes.
Rising to the Challenge
Someone, however, has succeeded in reaching a good portion of those retailers, according to MasterCard, which says that more than 1.2 million merchant locations in the United States have upgraded to chip readers.
Between 30 and 50 percent of MLS Direct merchants have done all they can to prepare for EMV, says Pitts. “The other 50 percent probably don’t want to deal with it,” he says. “They’re not getting enough chargebacks for it to make sense to them. I guess it will be a gradual changeover.”
About half of the merchants grasp what’s at issue with EMV, and half remain somewhat clueless, Pitts reports. The smaller merchants tend to pay less attention to the transition than the larger ones do, he notes. The holdouts probably have their reasons and may not cross over into the realm of EMV for three to five years, he predicts. Meanwhile, research and data firm Statista forecasts POS terminal adoption to EMV standards in the United States to reach 68 percent this year and 100 percent in 2020.
Still, acquirers and ISOs should keep watch on those retailers that shun EMV, cautions Liadis-Hall. The retailers could later allege in lawsuits that the industry failed to prepare merchants for the transition, she says. Besides, if merchants become unable to meet EMV liability, the financial responsibility shifts to the acquirer, she warns.
Some processors and vendors have problems of their own and simply aren’t prepared to accept EMV. “I don’t think it matters where the blame is,” says one processor. “Some people are quick adopters, and some lag behind. They’re all doing what they can.”
MLS Direct uses four processing platforms, but not one has succeeded in getting ready for every situation that can arise with EMV, Pitts says, speaking seven months after the liability shift. His main processor still couldn’t handle PIN debit, he notes.
Certification could be part of the problem. For some merchants, the process can be complicated due to intricacies of the POS system. In these cases, successful EMV migration often is highly dependent on the decisions and timelines of multiple parties, including software vendors, hardware manufacturers, and POS resellers.
In addition, a solution must pass three levels of EMV certification before it can be deployed. The first addresses the mechanical and electrical protocols used for transferring data between the terminal and the payment card. The second level is the device manufacturer’s responsibility. It addresses the software application residing inside the device (firmware) that performs EMV processing. After the manufacturer has achieved both levels of certification, a POS developer can then use the certified device to create an EMV solution for its POS system.
The third level of certification, also called network certification, tests each unique EMV path to the networks. The testing flow follows this order: Level 1 and 2 certified device, the POS application, any middleware or gateway in use, the processor, and finally out to the card brands. Each card brand has a set of defined EMV test cases that must be run to satisfy its EMV certification requirements. In addition, each processor may have its own test cases that its wants POS developers to run as part of their host message certification. This process must be completed individually for each device the POS is using.
Instead of throwing up their hands in despair, however, ISOs and acquirers might consider advising their merchants to use simple EMV-capable terminals and abandon their sophisticated POS systems for the time being, say sources. Merchants that heed that advice might want to keep most of their electronic payments running on their complex systems and use the simple EMV reader only for big-ticket or suspicious transactions, they note.
But acquirers and ISOs may find it difficult to convince merchants to set aside a Cadillac of a system, Liadis-Hall says. She notes that acquirers may have no contractual involvement in the POS systems of some of their merchants, which doesn’t aid them in their attempts to counsel clients.
Throughout the EMV transition, the burden of getting the word on the technology out to merchants has fallen to ISOs and acquirers. Liadis-Hall agrees, stating that everyone in the acquiring industry has been responsible for conveying information on the transition to merchants and for helping merchants equip themselves to accept EMV transactions. However, she explains a lot of merchants just didn’t see the need to change until after they began receiving chargebacks.
Benefits aside, EMV won’t solve everything, says Jared Drieling, business intelligence manager for The Strawhecker Group. The technology won’t stop data breaches and the resulting theft of card information, he notes. It doesn’t protect online transactions and even tends to drive fraud onto the internet as card-present transactions become more secure, he says. That’s the pattern that has emerged in other countries, he adds. Merchants, especially those with e-commerce operations, should pursue three layers of security—EMV, encryption, and tokenization—to protect transactions, he maintains. “No matter what EMV can do in the store,” he says, “it does nothing online.”
But EMV can help usher in a new era, proponents say. The technology has been positioned as a security measure, but it will also help move the payments industry into the future, says Drieling. That’s because EMV terminals pack the power to accept contactless cards and capitalize on near field communication to create mobile wallets, he maintains. It enables merchants to handle Apple Pay, Android Pay, and Samsung Pay, he notes. “That’s a piece that’s been missing in the EMV discussions,” he asserts.
This is more than EMV, others agree. The transition is enabling the industry to meet today’s standards for card acceptance and preparing it to face what the future brings. “We needed to get over this hump in how we accept credit cards,” says the processing expert. “The chip is here to stay.”
Ed McKinley is a contributing writer to Transaction Trends. Reach him at [email protected].
Facts From Litigation
When difficulties arise, Americans often resort to litigation. So, it should come as no surprise that the long, hard slog toward EMV chip card acceptance is generating court cases and attracting the attention of legislators and regulators. Two Florida retailers have filed a lawsuit against 18 companies with a stake in EMV, and Walmart is suing Visa over the signature versus PIN controversy. Meanwhile, Sen. Dick Durbin (D-Illinois) is calling for the Federal Trade Commission to take action on EMV.
In a class action lawsuit filed March 8 in the Northern District of California, the Florida retailers allege that a long list of payments industry companies violated antitrust law by conspiring to impose the EMV liability shift. Many merchants tried to become EMV-ready before the transfer of liability but could not because of certification problems, the plaintiffs say. The defendants also failed to help bear the cost of the EMV transition, according to the plaintiffs, who are seeking to stop the transition and receive unspecified financial compensation.
The plaintiffs named in the suit—B&R Supermarket, doing business as Milam’s Market, and Grove Liquors—could be joined by literally millions of retailers across the nation, says Xan Bernay, an attorney with Robbins Geller Rudman & Dowd LLP, a San Diego law firm that specializes in securities litigation, antitrust cases, and class actions. Bernay says the law firm represents the plaintiffs and has filed a motion to name two California retailers as plaintiffs, including Rue 21, a national fashion retailer with more than 1,100 stores.
In another case, Walmart alleges in a suit filed May 10 against Visa in New York Supreme Court, County of New York, that the card brand’s insistence on a signature is inhibiting the retailer’s ability to route transactions on a Visa-branded card through any network available on the card.
In a two-page letter dated May 11 to FTC Chairwoman Edith Ramirez, Durbin expressed concern about what he called “problems and delays” in EMV certification that may harm small- and medium-sized businesses. He asked the FTC to search for ways of protecting those businesses. To illustrate his point, Durbin cited the case of a supermarket chain that has allegedly spent $385,000 on 770 terminals but has been unable to use them because of delays in certification.