Executive Insight: EMV is Coming – Gradually

This post was written by Shift4’s VP of Business Development, Bob Lowe. Over the course of his impressive career, Bob has worked on EMV roll-out projects in Europe, Canada, and the U.S.

Are you preparing for EMV? We hope that by now you at least have it on your radar and are starting to weigh your options for implementation. But before you get too deep into it, we’d like to bring a few things to your attention.

EMV stands for Europay, MasterCard, and Visa – the original three card brands that joined forces to create the standard in Europe and Canada. It’s also known as chip and PIN or smartcards, which is more appropriate. EMV is the current global standard for credit card terminals. It is soon to be rolled out in the U.S. with the card brands pushing October 2015 as the deadline for merchant adoption. There are a few problems with that. First, the issuing banks aren’t yet issuing chip cards. A few of the banks have them available, but they are reserved for high-net-worth individuals who frequently travel out of the country. Average consumers can’t get their hands on them. Even if they did manage to miraculously issue an estimated 1.5 billion new cards in the next 18 months, the chips would be useless in the U.S. since most of the processors still haven’t published their full EMV spec, and don’t yet have a certification process, so there is no way to process transactions on them. The device manufacturers, while delivering devices that are used for EMV in other countries, have not yet finalized the software for their U.S. devices. Finally, your POS/PMS vendor and your gateway (us) have no spec to write to. Now, rapid development is something we’re entirely capable of and we want to assure all of our merchant customers that we will be EMV-ready long before the deadline. But we’re not the only piece in play.

Because EMV replaces the magnetic stripe on credit cards with an embedded computer chip, they require new hardware terminals at every point of sale. Experts say U.S. merchants will have to spend more than $2.5 billion to replace all of their terminals with EMV-enabled devices. Wondering how much it will cost your business? A quick estimate is $150-250 per terminal, depending on whether you typically opt for the bare-bones devices or something with a few more bells and whistles. Just remember not to buy any device before it has been certified with Shift4. (Merchants not using Shift4 will have to wait until the device has been certified with their POS/PMS and their processor, but because we’re always looking out for you, we’ll handle this step for you.)

For some of our larger merchant customers, the cost for this transition could reach into the hundreds of thousands of dollars. Every merchant will have to invest time into training staff on use of EMV-enabled devices. Restaurants in particular may have to totally reinvent the way they handle payments because EMV cards are expected to stay in the cardholder’s possession. The intention was that a PIN known only to the cardholder would have to be entered. But as it stands for now, Visa is not using a PIN, leaving this requirement very confusing in the U.S. If PIN entry is needed, waiters can no longer take the card back to the POS and then bring a receipt to the table. Guests must either have an option to pay at their table, or must pay at a register on the way out. It’s a lot to get done in the next 18 months!

So, what happens if you’re not ready by October 2015? Not as much as you might think, actually. There will not be fines levied for non-EMV transactions and the EMV police won’t come barging through your door and shut down your business. The October 2015 deadline is nothing more than a liability shift. That means if a card is charged back because there is fraudulent activity stemming from a card-present transaction, the liability (financial responsibility) falls to whichever organization broke the EMV chain. Keep in mind that may not always be you. With 90% of the issuers and all but one of the processors currently breaking the EMV chain, what do you think the chances are of every one of them being ready in 18 months? Let the finger pointing commence.

Now here’s where we totally depart from what most “experts” are saying. Most in the industry are encouraging merchants to rush to meet the deadline – often because they want you to buy something from them. In typical Shift4 style, we’re recommending you take a step back and not buy into the fear and uncertainty others are selling. In all honesty, Canada’s liability shift was delayed by six months, and their market is about 1/10th the size of the U.S. market. There is a very strong likelihood that October 2015 will become April 2016, or perhaps even later. So don’t panic. Take a serious look at the facts and then do what’s best for your business.

Are you in an industry with a historically high probability of card-present fraud? Then, yes, the cost of EMV will pay off for you right away – so jump in. However, if your business doesn’t experience many chargebacks, the impact of non-EMV-readiness may be less than you might think. In this case, it might be prudent for you to wait for a few months past the deadline until they get all the kinks worked out. Remember, the biggest push for EMV adoption comes from the issuing banks that get to offload the billions in annual fraud loss they currently cover for you, the merchants. But we don’t see them offering to pay your increased costs as theirs are drastically reduced, now do we?

If you want your business to be looked at as a leader in this space, there is certainly room for you to fill that role – and we’re happy to support you as you do so. If you want to be EMV-ready on day one, we’ll make sure you are (even if that means ditching your current processor or POS/PMS vendor if they aren’t prepared). Or, if you have a little more leeway and decide that you’d sooner let everyone else work the kinks out before you join the party, we’re happy to support you in that, too. That’s the beauty of our neutrality. We don’t care what the banks and processors say; we care what’s actually best for you, our merchant customers.

Here’s to hoping the process goes more smoothly than we expect!

Archived Comments

Jeff Hall (aka PCI Guru) wrote on 12/07/13 10:59 AM

Why push EMV? It does not address today's fraud issues at all. Card present fraud is as low as it's going to go in the US and that is what EMV addresses. EMV does nothing to address card not present fraud and never will. Only new technologies such as one time transaction codes generated by smartphones and other "smart" devices and eWallets are the solution. Yet Visa and MasterCard keep pushing EMV down everyone's throats because of their vested interest in a dead end technology. Why would any merchant buy into a dead end? Visa and MasterCard can push their dead end all they want, but the rest of us know better.

John Zastko wrote on 12/08/13 5:12 PM

A very informative article. We are definitely NOT looking forward to this new standard and will wait until the last possible moment before trashing thousands of dollars in currenlt owning and perfectly functioning equipment.

Nathan Casper wrote on 12/09/13 8:58 AM

Oh, Jeff, we're far from pushing EMV. We're just making sure the option is available to any of our merchants who want to use it. We agree that there are more secure options available and that future technologies will likely far surpass anything that EMV offers. Unfortunately, with the card brands not wanting to look like idiots and with the merchants already spending millions to be ready for the liability shift, EMV is all but guaranteed to have a long and costly life with not a lot of benefits.

And John, we feel your pain.

Bob Lowe wrote on 12/09/13 9:02 AM

I think the point is that Card issuers in the rest of the world where EMV is adopted can't remove the Magnetic swipe from their cards until the US as a major market can accept EMV. That means what increased security EMV might provide really can't be fully realized as cards can still be cloned.

Steve Sommers wrote on 12/09/13 9:28 AM

You may be correct and I never thought of it in that context: US merchants are paying to secure the rest of the world. I guess it could be considered the card brands version of wealth redistribution -- since it's all the rave.

J.D. Oder II wrote on 12/12/13 12:27 PM

Not to mention that as EMV is rolled out it will increase card not present fraud as EMV does not do a thing to protect the "track 2 equivalent data" (i.e. The PAN) flowing out of the back end of the input device.

Since no enhancement was made in the antiquated standard to add P2PE or tokenization scenarios to protect such data, as merchants continue to migrate to a much more hybrid footprint for their businesses (traditional, web, mobile, etc.) all EMV will do is move the proverbial pea around unless there are folks like Shift4 that are working on solutions to address these and other issues.