Just as this joke has no well-designed conclusion, the controversy around EMV conversion protocol seems like it will never end. And as fortune would have it, the three subjects in the title are at the heart of the most recent debate.
Senator Dick Durbin, somewhat of a merchant ambassador on Capitol Hill, is once again wielding his influence. The Senator sent a letter asking the FTC to explore the backlogs in the EMV certification process. Many merchants have issued complaints around the certification process, claiming the complexities and delays have restricted them from upgrading their point-of-sale (POS) terminals to be EMV compliant.
While it’s never easy to side with Washington, the case against the card issuers in this debate is growing stronger by the day. This entire debate isn't over security, it’s over what is the best business case. For the card issuer, it's better business to have consumers use chip-and-signature cards because they make more money on those transactions. It's better business to avoid credit card attrition among cardholders who don’t want to have to remember a PIN when transacting. In other words, no card issuer wants be the most difficult card to use in a consumer’s wallet.
And here's just another situation that wreaks of “better business” motives. The entire certification process was developed and is managed by EMVCo, which is overseen by EMVCo’s six member organizations — the major credit card issuers. So this begs the question: Who benefits from the certification being riddled with complexities and backlogs, preventing merchants from upgrading their terminals? The card issuers — the very same organizations that created the convoluted process. The longer merchants take to update their systems, the greater their fraud exposure and liability since both have shifted away from the card issuer.
However, merchants aren't innocent in this whole fiasco either, as their motives are primarily business driven. Not updating terminals is a multilayered problem with some merchants not wanting to disrupt and confuse consumers during the busy shopping seasons (i.e., they wanted to make more money). Furthermore, their support of chip-and-PIN cards over chip-and-signature may seem security driven on the surface, but in fact it's less expensive per transaction than chip-and-signature.
So how does this all balance out? I'm for “Team Merchant,” especially small and midsize merchants (and I guess by default Durbin). Merchants never held the liability for card-present fraud. EMV rolls out, and now they're liable for all card-present fraud unless they upgrade their systems to be compliant with chip-enabled cards. In order to do that, they have to dedicate a great deal of money, time and resources. Even if they do it, they're hit with a certification process that has more complexities and red tape than the institution investigating the backlogs. And let’s say they navigated this maze successfully and are certified on time, then their shopping lines are filled with customers using chip-and-signature cards, which are more expensive for merchants to process.
The EMV rollout hasn't been easy on anyone. Just about every time I'm in a line in a retail store, I hear the inevitable exchange between the store associate and customer on how to use the card. “Oh, don’t take it out yet” or “No, you need to swipe it, we don’t have that yet.” Across the board, the frustrations and inconveniences would be a little more tolerable if the sacrifice was in the name of security and a safer way to transact. While security weaves in and out of the debate, the central theme revolves around the financial implications for merchants and issuers, leaving most small and midsize merchants on the short end of the stick.
PJ Rohall is a supervisor on the fraud management solutions team at Radial, an omnichannel commerce technology and operations provider.
Related story: 3 Ways to Improve Your Data Security