Chip-Card Changeover Slowed by Retail, Certification Delays
"Visa and MasterCard [and others] had to rewrite the certification rules to certify them directly so that the process was much faster, but that was not enough," he said. "Many merchants have new EMV terminals in their stores but cannot use them until they are certified. Certifying millions of merchants in the U.S. is complicated." Those certification issues will not go away soon. Even with the current lawsuit, chip-card terminals will continue to be rolled out, Michael Moeser, director of payments for Javelin Strategy & Research, told eWEEK. Over the next year, as many as 1 million EMV-enabled terminals will be rolled out at gas stations, as retail stops face a relaxed, but still imminent, deadline. Yet even the lackluster adoption of chip-card technology has delivered promising results. Merchants who accept EMV chip cards have seen fraud decline 47 percent year-over-year, according to Visa International. Chip-card transactions represent 37 percent of in-store payment volume, the financial firm said. As the technology behind EMV becomes more widespread, experts expect point-of-sale fraud to decline to 1.6 percent of all transactions in 2019, from 2.3 percent today. Online shopping or other transactions in which a person is not presenting a card will see a higher fraud rate, 3.1 percent in 2019, up from 2.4 percent today. The net impact is that fraud will remain virtually unchanged.
"Fraud moves, and we need to continue to move to defend against it," Javelin's Moeser said. "It's like squeezing a balloon—the air moves around when you put pressure on any one spot.""Whoever has implemented with EMV has seen a reduction in fraud, while those [who] have not, 100 percent, have seen an increase," he said. Retailers and card processors will also have to adapt to an increasingly mobile population, where the majority of transactions will use mobile phones equipped with Near Field Communication (NFC) or other wireless technologies, not chip cards. Already, more people are paying through their phones. Not only at the register through NFC services such as Apple Pay and Google Wallet, but when ordering services through mobile apps, such as Uber, Lyft and GrubHub. Finally, retailers and card processors have to recognize that the pain of EMV is only solving the security problem at the point of sale, not protecting the data all the way to the card processor, HPE's Rice said. "You always need to keep your eye on the ball in data security," he said. "If the card data is stolen, it is simply going to come back in the system down the road and cause more fraud."
"Fraud moves, and we need to continue to move to defend against it," Javelin's Moeser said. "It's like squeezing a balloon—the air moves around when you put pressure on any one spot."
In fact, online thieves are very adaptable. With EMV adoption so irregular, attackers are shifting their fraud efforts from stores that have adopted EMV to those that have not, according to Capgemini's Rojas.