Relics of Technology -
These are great!
Hard Cider coming at you!
Superman & Green Lantern -
That Batman. He’s such a Joker.
Let’s do the Tango!
Way to go Google (really Motorola) with this new prototype. This is one of the first novel ideas I’ve seen in a couple years. For too long has virtual reality (VR) relied on the single camera in an app. Its always felt like a clunky solution and I’m glad to see someone really working on improving it.
Yet I’m not sold that a cell phone is the correct application for this technology, or at the…
View On WordPress
October 2015: The End of the Swipe-and-Sign Credit Card -
Tom Gara spoke with MasterCard’s Carolyn Balfany about the new chip-based payment system known as EMV:
Part of the October 2015 deadline in our roadmap is what’s known as the ‘liability shift.’ Whenever card fraud happens, we need to determine who is liable for the costs. When the liability shift happens, what will change is that if there is an incidence of card fraud, whichever party has the lesser technology will bear the liability.
So if a merchant is still using the old system, they can still run a transaction with a swipe and a signature. But they will be liable for any fraudulent transactions if the customer has a chip card. And the same goes the other way – if the merchant has a new terminal, but the bank hasn’t issued a chip and PIN card to the customer, the bank would be liable.
The key point of a liability shift is not actually to shift liability around the market. It’s to create co-ordination in the market, so you have issuers and merchants investing in the migration at the same time. This way, we’re not shifting fraud around within the system; we’re driving fraud out of the system.
That’s an interesting way to make everyone is very much incentivized to update their systems. It sure seems like it will work. We’ll see. It’s ridiculous that the United States isn’t using the chips already.
Not entirely true, MG. Lets take this a few points deeper.
First off, yes, it will help. A lot. It won’t solve the problem though, not totally.
The assumption made here in the liability shift is that the merchant isn’t already eating the costs of the fraud. In most cases, they are. The customer doesn’t (at least, not over $50) and most of the time, in my experience, neither does the credit card company or the issuing institution. No, the cost of the fraud is already being eaten by the merchant seller.
There are some exceptions to this, mostly if the issuing institution didn’t do their due diligence in protecting the merchant from the fraud, but how often do you think they actually own up to that when its their bottom line that gets eaten into? Not very often. The merchant can participate in an insurance program that will cover the loss from fraud, but that increases the cost of every transaction, so the merchant is really just playing a game of losing less.
Its only in a very small number of instances, in terms of fraud, that the liability shift will help the merchant in any way. Better than nothing, right? Maybe not.
Second point goes to the entire process of EMV. Card swipes are cheap, easy to implement and thus, easy to defraud. EMV is none of these things. There is currently only a single EMV reader approved for use in the US market. What’s worse, that device must have its certification renewed every 3 years. If a merchant purchases one at 2 years and 364 days, it immediately has to seek recertification of the device the following day. If the manufacturer has decided not to get the certification done themselves, the merchant is now responsible for receiving that certification. Planned obsolescence.
But that’s not the only cost. The EMV devices are usually significantly more useful than a traditional swipe, but they’re also significantly more costly. We’re talking $15 for a swipe v/s $500+ for EMV.
Don’t forget your point of sale has to be upgraded to work with EMV AND it also has to be recertified every 3 years as well. You don’t think those upgrades are going to be free, do you?
Third, this isn’t encryption. EMV card data is still transmitted to the point of sale in the clear. The difference is that it also has a generated ID from the card that goes with it that is one time use and (at least as of now) can’t be faked. The CVV data isn’t sent along, so all the card thief gets is the card number and expiration date, which are not nearly as useful. Note I didn’t say not useful at all.
Some banks and credit unions will authorize a card for a transaction with just a correct card # and expiration date. These are not exactly rare, but are getting rarer. To combat this last angle of fraud, those institutions must update their back end processing software. Where do you think they are going to get the money to do that? Higher merchant fees.
So, to sum up… EMV is an improvement, but a costly one, not just one time but every single day. It won’t entirely solve the problem, especially as customers can opt to swipe and not use EMV, which only makes it worse on the merchant in the long run.
I think merchants will upgrade, mostly because no one wants to be another Target, but it won’t be something they enjoy.