When we first published an article on EMV cards back in April, we did not expect it to cause much of a stir among our non-industry-related readers. Instead, we received quite a few emails from Americans who’d had difficulties using their mag-stripe cards in Europe and many of them were asking us how they could get a chip-and-PIN one (which is how EMV cards are known in Europe).
Of course we can’t get chip-and-PIN cards here in the U.S. Wells Fargo and JPMorgan Chase told us that they were planning to start issuing smart chip-based cards at some point, but the details were scant.
Now Visa has decided to weigh in on the subject in a rather big way. The biggest credit card network in the world is making it mandatory for all U.S. processors to support acceptance of chip-based transactions by April 1, 2013, in order to prepare the ground for the arrival of NFC-based mobile payments, we learn from a press release. Of course, by then NFC will have arrived in force.
Here is what I think is the gist of Visa’s announcement:
Visa will require U.S. acquirer processors and sub-processor service providers to be able to support merchant acceptance of chip transactions no later than?áApril 1, 2013. Chip acceptance will require service providers to be able to carry and process additional data that is included in chip transactions, including the cryptographic message that makes each transaction unique.
Why do that? Visa:
The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of NFC-based mobile payments by building the necessary infrastructure to accept and process chip transactions that support either a signature or PIN at the point of sale.
So there it is. In effect, the huge hype around an untested and unproven mobile payments technology is already causing the beneficial side effect of solving a pressing issue for an increasing number of Americans trying to use their mag-stripe cards in Europe.
The release pays much attention to the use of dynamic authentication for securing chip-based card transactions, but it doesn’t tell us exactly what it is. Let me fill in the gap.
In a face-to-face EMV transaction, the cardholder would first enter her PIN to initiate the transaction. Where dynamic transaction authentication is supported, the point-of-sale (POS) terminal would at this time prompt the smart card to produce a one-time password that would be then used to complete the transaction. The point here is that a counterfeit card would not be able to communicate with the reader and the transaction would not be completed.
The reason Visa is pushing dynamic authentication right now is that all NFC-enabled devices will have a chip embedded into them by default that would store the user’s card account information, turning the smart phone into a form of an EMV credit card. As new POS terminals will be needed to communicate with these new payment forms anyway, they might as well be equipped with the latest fraud prevention technology. I think it is a good decision on the part of Visa.
It should be noted that Visa is not requiring banks to start issuing PIN-based cards, but it is very likely that they will, once the infrastructure is laid out for accepting them. After all, U.S. issuers lost $3.9 billion in overall transaction volume and $447 million in revenues in 2008, because 9.7 million American cardholders were unable to use their cards abroad, according to data from Aite Group. Moreover, U.S. issuers have been receiving tons of complaints from inconvenienced American vacationers. Why haven’t they responded?
Well, issuers were faced with a chicken-and-egg type of a problem here in the U.S. If they did start issuing EMV cards, these would only have been accepted abroad, which would not have justified the investment. Now that Visa has required processors to ensure acceptance of chip-and-PIN, that changes the dynamics completely.
In fact, issuers are likely to also benefit from a benign EMV side effect in the form of lower fraud losses. In the U.K. the implementation of the chip-and-PIN technology resulted in in-store credit card fraud falling from 218.8 million pounds ($356.5 million) in 2004 to 98.5 million pounds ($160.5 million) in 2008, according to statistics from the U.K. Payments Administration. U.S. banks will no doubt take the windfall if it comes their way.
Image credit: Cnpsigns.com.