EMV technology has taken a strong hold in Europe

Over a decade ago, chip and PIN technology was first rolled out in Europe and the UK. Its adoption was fast, and almost complete, with only a few merchants not accepting the new technology. And there are certain lessons that America can learn from the European adoption that could speed up its own adoption rate.

The Liability Shift began in 2005

In 2005, MasterCard began the Liability Shift, holding merchants liable for any card present transactions that were fraudulent, and Visa followed suit a year later. The reason for this was the EU-wide adoption of EMV chip and PIN cards. EMV stands for EuroPay, MasterCard, and Visa, who first implemented the technology that embeds a microchip into the credit card to make payments more secure at retail locations and self-serve terminals. The technology meant a move away from magnetic strips, which could easily be “cloned” to a standard which required the customer to input a PIN into the terminal for authorization, instead of a signature.

Why was the roll out in Europe so successful?

So what lessons could be learned from the successful roll-out of EMV in Europe? Firstly, education is the key to any successful roll-out. In Europe, both consumer and retailer were given a mass of information surrounding the impending adoption and roll-out of EMV technology. Cardholders are a major part of the adoption strategy and must be educated properly on the uses and benefits of the EMV tech. And by educating the merchants in the benefits of EMV-enabled terminals – such as the reduced number of fraudulent transactions that can be processed in card present transaction – the European roll-out handled a lot of the major concerns of the retailers.

Another way the migration to EMV was achieved was by adopting rolling deadlines for different areas of the markets. By shifting the migration date incrementally, the card issuers showed the merchants what the cost would have been if the Liability Shift had already been implemented. The figures given included a breakdown of the merchant’s fraud liability would have been in comparison to the cost of upgrading their terminal and training their staff. The breakdown was given monthly to the merchants, which prompted many of them to make the move to EMV before the actual deadline came about.

Online and card not present fraud increased

However, despite the reduction in card present fraud in Europe, migration to EMV did little to stem the onslaught of online and card-not-present fraud. Fraud will never go away permanently. When one technology takes hold to stop fraud, the fraudsters soon find another avenue to commit their crimes. When educating cardholder, issuers need to be careful in “overselling” the security of benefits of EMV. And that can be more clearly seen in the recent Target breach, which could never have been prevented by EMV, since the attack was on the point-of-sale (POS) software itself, using memory-scraping malware

EMV is not omnipotent in protecting data

And it should be noted that EMV, even in the secure systems in Europe, is not infallible. Ross Anderson, a professor at Cambridge University, produced research results that showed EMV cards can be cloned – using a method called “chip-and-skim” attacks – and then used to commit card present fraud at the POS. As this makes it look like the cardholder was responsible for the transaction, it is hard to determine that it is fraud.

However, in Europe, this has yet to be seen, and card present transactions so far have been secure, which has prompted the normal move to other means of fraud for the criminals. EMV adoption in Europe triggered a move to online fraud and card-not-present fraud types. Online fraud activity saw a huge increase since 2006, and stolen EMV-enabled cards were used just as much as the magnetic strip type. And likewise, the incidents of card-not-present fraud increased dramatically as well. In the UK, the total fraud losses actually increased in the years immediately after the migration to EMV. Anderson explained that this was due to fraudsters “always being able to find the path of least resistance”.

PIN is more secure than signature

One definite advantage that Europe has had over the U.S. roll-out is the use of a PIN instead of a signature. The use of chip and PIN security may prove to be much more secure than the new American idea of chip and signature. With the remarkable ability of fraudsters to forge signatures, card present fraud may not match the drop it did in Europe. And when you add to that the merchant’s likelihood to actually match the signatures, it means that the security of EMV may well be compromised. While the U.S. use of signatures may be due to the idea that people will more easily forget their PINs, when faced with that option in the United Kingdom, the concern proved to be unfounded as the issue was not a major one after the migration occurred.

Expensive education costs in Europe

One of the downsides of the European migration was the cost of educating the consumers and merchants on how to use chip and PIN cards and terminals. In the UK the advertising was immense, and all available press and television outlets were used for this. In the U.S. it may cost less since people already know how to make a payment by card using a signature, and the only education needed is to ensure they remember to use the chip instead of the magnetic strip. However, despite being immensely costly, it proved to be a major factor in the success of the UK migration.

In Europe today, mobile payments and contactless card payments are fast becoming the trend, and the “1980s technology” of EMV, while still useful, is old spec. But, while mobile payments may be the next generation of payment solutions, EMV technology will still be a major factor in the protection of card use.

Related articles published in Mobile payment :

Source : http://www.bankinfosecurity.com/advice-for-us-how-to-speed-emv-rollout-a-8552

Image: Shutterstock