The Great American EMV Experiment: Success or Failure?
Decades ago, Europe and other developed nations around the world largely abandoned magnetic strips on payment cards in favor of EMV chips, which are more difficult for criminals to dupe and thus safer for both consumers and businesses to use. In these countries, all plastic payment cards rely on chip-and-pin, which guarantee higher levels of security and less
Yet, it wasn’t until 2015 that America followed suit, and even then, the U.S. eschewed chip-and-pin for chip-and-signature – a change that makes the process more familiar to American cardholders but introduces some insecurity. As we approach the end of 2018, most businesses have made the transition to EMV terminals… but was that a wise choice after all?
Comparing EMV and Mag Stripe
Before business owners and consumers can determine whether EMV continues to be worth the effort, everyone should take a refresher course in what makes plastic payment cards work. After a customer dips or swipes their card, the information included on the card (to include the cardholder’s name, billing address and account number) are sent through the merchant’s POS system to the acquiring bank, or the bank the merchant uses to process transactions. That bank sends the information along to a credit card network, which in turn requests verification from the cardholder’s bank, to ensure the card is authorized for use and can pay the requested transaction. Then, approval is sent back through all those different nodes to the merchant’s POS, all in a matter of seconds.
Traditionally, merchants extracted the necessary information to conduct this process through magnetic strips on the backs of payment cards. However, there has always been a big problem with relying on the magstripe: insecurity. Magstripes are easy to read and easy to clone. Consumers might recall warnings about swiping their cards in fishy-looking terminals at self-serve kiosks like gas stations; this was a cheap form of identity theft and a good example of how bad guys could anonymously and successfully get away with such crime.
Conversely, EMV chips are virtually impossible to clone, and special technology is required to read the information stored on the chip. Even better, EMV chips encrypt the data they store, and when information is sent through all those portals during the transaction, it remains encrypted and protected. Though EMV chips must remain in the terminal for the duration of the transaction, the dramatically hardier security should be worth the few extra seconds at checkout.
Comparing Rates of Fraud
Considering EMV’s changes to how payment cards function, it should hardly be surprising that rates of credit card fraud decrease substantially after widespread transitions to EMV. For example, since the U.K. made the switch in 2004, overall card fraud has dropped by more than a third, and since France followed suit in 2005, card fraud has all but disappeared in that country. Furthermore, Canada enjoyed a decrease in fraud losses from $142 million in 2009 to $38.5 million in 2012.
Just one year after merchants were required to transition to EMV technology, counterfeit fraud losses plummeted 58 percent – and at that time, much fewer merchants had made the transition than merchants in the U.K., France and Canada. At the beginning of 2018, just over half of all U.S. merchants had made the switch; businesses and consumers alike should consider how much more good could be done if more merchants invested in EMV terminals.
Comparing Consumers’ Happiness
Looking at old magstripe-only cards and modern EMV cards, the only difference is the shiny, gold-colored chip embedded in the top of the newer models. Generally, the process of paying by card is the same: In person, customers dip (instead of swipe) and sign a receipt. Though the transaction time is longer, thanks to the more robust security checks, most consumers note that there isn’t much difference on their end preventing them from utilizing EMV entirely.
Still, greater change might be coming soon. When other countries migrated to EMV, they chose a chip-and-PIN system for added security. American cardholders must enter PINs when paying with debit, but credit cards rely on fake-able signatures. The reason Americans must still jot their John Hancocks when they pay is because card companies didn’t want to shock American consumers with too much of a change too quickly. However, entering a PIN at checkout will reduce fraud further, and another mandate for PINs might be in the near future.