Right now, all eyes are on the next six months. But what about after the liability shift? What happens then?
Whether or not any particular merchant is ready for EMV by Oct. 1, payments executives are figuring on two things as pretty much sure bets after that date. One is that the prospects for mobile wallets and contactless payments generally will be much better. And the other is that e-commerce fraud will explode.
After Oct. 1, look for renewed interest in contactless cards. Yes, they pretty much flopped the first time around, but now observers are predicting EMV’s infamous “chip-and-dip” routine will bring it back. “What we saw happen in Canada after EMV went live was a demand to make transactions easier,” recalls Greg Burch, vice president of mobile for Atlanta-based terminal maker Ingenico. “That led to issuers putting antennas in their cards.”
Facing the Consumer
The problem with the “contact” version of EMV is that it requires the consumer to insert her card in the terminal and then leave it there for a while so the device can both read and rewrite the card’s chip. That’s not only unfamiliar, but also slow and clunky compared to the mag-stripe swipe.
In Canada, where EMV went live nationwide a few years ago, consumers were also walking out of stores without their cards. “People forgot their cards because they’re not used to inserting their cards,” says Burch, who adds merchants would collect the chip cards in boxes and then call their customers to come get them.
By contrast, contactless would let consumers hold onto their plastic and simply do a wave or a tap. That works until you encounter a merchant who keeps the terminal behind the counter. And there are a lot of those.
“Most of [the EMV devices] we are deploying still have no consumer-facing component,” notes Greg Cohen, president of iPayment Inc., a New York City-based independent sales organization serving 150,000 physical and Web merchants. “I’ll be interested to see what happens when merchants realize [they] need something that faces the consumer.”
That could lead to more sales for merchant servicers like iPayment as these merchants snap up consumer-facing peripherals and link them to their behind-the-counter terminals, Cohen figures. All in, merchants are expected to spend a cumulative $2.6 billion on EMV gear by 2018, according to projections by Javelin Strategy & Research, Pleasanton, Calif..
‘A Bigger Target’
Another beneficiary of the contactless trend will be mobile apps, some of which depend on a form of contactless connectivity called near-field communication. The most prominent of these is Apple Pay, which many merchants are eager to accept to please the typically upscale customers who carry the iPhone 6 and 6 Plus.
While nearly all EMV terminals are shipping with NFC capability (meaning they have the needed software and antenna), merchants still need to switch on the contactless function. The demand for wallets just might do the trick. “I’ve got to believe the availability of Apple Pay will be a fairly strong motivator,” says Nick Holland, a senior analyst at Javelin.
On the debit side of the ledger, e-commerce card fraud is almost certainly going to rise, and rise fast, to new heights. Indeed, the increase in fraud online will probably more than offset any savings on counterfeit and lost-and-stolen fraud realized at the point of sale.
Javelin forecasts online fraud will nearly double, to more than $18 billion, by 2018, swamping an expected $1.5 billion improvement in POS fraud.
Expert opinion differs on the cause. Many argue criminal groups will simply move online after widespread EMV deployments begin to foil their schemes in stores. This is what has happened in markets like the United Kingdom that have relatively mature EMV terminal installations, they say.
But others say the explosion of online fraud in those markets is related to the boom in online volume, and has little to do with EMV. Fraudsters aren’t moving online—they’re already there, Holland points out.
Some agree that online growth is driving fraud, but don’t entirely discount the role played by EMV. “In general, merchants need to think about growth in the digital channel. It just becomes a bigger target,” says Michael Grillo, director and marketing-line leader at ACI Worldwide Inc., a Naples, Fla.-based payments-solutions company.
‘All Hands on Deck’
E-commerce merchants have a tricky problem to solve. If they tighten authentication routines as EMV rolls out nationwide, they may cut fraud losses but also lose customers who don’t want to jump through additional hoops at checkout.
Grillo argues a good bet will be to rely on newer technologies like a digital ID, or token, that can be uniquely associated with each customer to allow streamlined checkout without the risk of either fraud or cart abandonment.
Another possibility is 3D Secure, a form of online authentication that most merchants found too intrusive in its earlier incarnation but is now undergoing a revamp in the hands of EMVCo, the standards body that manages the EMV specifications.
At any rate, at least online merchants have been assuming fraud liability all along, and so are accustomed to dealing with it. With the liability shift, physical merchants and their acquirers will be taking it on for the first time if they aren’t EMV-compliant.
Whatever happens, though, don’t look for any immediate action at either brick-and-mortar or Web merchants after Oct. 1. It’s just too close to the holidays. Then, “it’s all hands on deck,” says Grillo, but not to make system changes for EMV.
—John Stewart