By Jeremy Gumbley, CTO of Creditcall in New York
While credit card fraud is in no way a laughing matter, the latest figures around the amount of customer data comprised and dollars stolen are quite astonishing. Nearly 70 million customers’ credit card data was reported stolen from the Target breach alone and an annual figure of $11 billion lost was recently reported by Javelin Strategy & Research. But consumers and businesses aren’t laughing as more parties are questioning the systems that have been put in place and why the U.S. — one of the typical leaders in the tech race — is dating itself with insecure magnetic stripe based technology.
Meanwhile, around the world there are 1.62 billion EMV-compliant payments cards in use. The EMVCo standard has transformed the payments landscape, requiring every single terminal to be modified or replaced and banks to re-issue every credit and debit card.
However, it’s proving to be a less-than-easy task in the U.S. as the cost of EMV migration and the complexity of migrating are widely acknowledged as major barriers to the adoption of the new standard as a whole. The fact remains that the U.S. is one of the last major economies to adopt EMV and ultimately faces an imminent deadline for liability shift. In October 2015, MasterCard and Visa’s regulations on liability for fraud will change, shifting liability to the merchants and banks, in an effort to encourage a migration to EMV. These new regulations will make it so that when a fraudulent charge occurs, the liability will fall upon whichever party involved in the purchase has the less secure (i.e., not EMV-compliant) technology.
Shifting from traditional mag-stripe to EMV chip-card technology brings increased costs for issuers, merchants, acquirers and various others involved. In the U.S., due to the massive extent of the payments ecosystem, making this investment feels more burdensome than in other countries. The benefits of EMV are constantly being called into question by both large and small businesses alike — does the amount of time and expense for some organizations create a barrier to global adoption?
The main driver behind this migration is the central goal of worldwide fraud reduction that has been put into place. In order to reach this goal, the migration to EMV must permeate a significant percentage of credit cards in the U.S. in the next two years. This gives the U.S. market a long way to go, sitting at only 1 to 5 percent chip-card ready in January 2014.
Point of sale (POS) manufacturers and integrators are charged with replacing or upgrading all terminals on behalf of their merchant customers. This is a costly and time-consuming process that requires the integration of numerous pieces of hardware, and management of strict and extensive testing and certification procedures. The certification expense is not limited to initial installation — organizations in EMV mature markets face ongoing software updates and re-certifications in line with EMVCo specifications.
Fraud reduction on a global scale requires an initiative at this same level. The industry must collaborate and coordinate in order to smooth the obstacles that stand in the way of global EMV adoption and interoperability. Progress is beginning: Target recently announced that they will be issuing chip cards, and the NRF (National Retail Federation) testified in front of Congress that migration to chip and PIN is a “must” for retailers. But more steps need to be made across the board by all parties involved in order to protect consumers from widespread credit card fraud. The stakes are high and failure to comply means simply turning a blind eye on — rather than eradicating — fraud, and will keep the true benefits of EMV just out of reach. By presenting a unified front across a global payments landscape, all parties (including consumers) will benefit from the protection that EMV in conjunction with complementary security technologies such as P2PE (point-to-point encryption) and tokenization are designed to provide.
Creditcall makes card acceptance simple from any device, anywhere. Whether attended, unattended, online or mobile, our award-winning EMV-ready payment gateway and EMV Migration solutions are at the very heart of our clients’ businesses, ensuring payments flow – all day, every day. Creditcall’s ChipDNA API is the simplest and most cost effective way of adding EMV transaction processing to your Windows or Linux based attended or unattended Point of Sale (POS) applications. Creditcall is a global business with offices in North America and Europe. To learn more, visit us at www.creditcall.com.
About Jeremy Gumbley
Jeremy became CTO and technical director at CreditCall in 2001, having spearheaded the company’s technical development since 1999. He is a veteran of the payments industry, having driven product and technology development roadmaps to accommodate EMV migration programs in the UK, Europe, Africa and the Middle East as well as the US and Canada. As CTO, he is responsible for the design, development and implementation of the company’s market leading card payment solutions and portfolio of EMV Level 2 Kernels. Under his technical leadership, the company has licensed and deployed over one million Kernels in the last decade. In addition, Jeremy oversees the maintenance of the company’s PCI DSS Level 1 compliance. Jeremy.Gumbley@creditcall.com
Previously, Jeremy was managing director of his own software business, CGCS, and also developed software systems for CallShop and Command Software Systems, Inc. In the mid-80s and early 90s, he was immersed in the anti-virus and computer security sectors and developed one of the very first commercially available anti-virus packages. He also pioneered the concepts of tele-voting via premium rate telephone numbers and of low cost telephone services through retail outlets and prepaid telephone cards.