EMV Liability Shift, How Mobile Authentication Can Ease the Pain

In October of this year, any merchant in the US who does not demonstrate the ability to accept EMV transactions can be deemed liable for the fraud associated with counterfeit cards.

That’s only 7 months from now.

Most people in the EU can’t really understand the confusion this has generated – we’ve had chip & PIN for well over a decade – but for the population of the US swipe & signature is as natural as handing over cash. Retailers are rightly concerned that adoption will be a slow and painful process. However, that may not be their biggest concern.

Estimates of the cost of transition from magnetic stripe to chip range from $8 – $12 Billion, and the lion’s share of the burden will fall to the retailers who must replace their existing payment entry devices (PEDs) with chip compatible ones. The chances are good that this expense was not in their long-term costings, and bringing forward the end-of-life of their PED infrastructure is simply not an option in an industry where profit margins are razor thin.

But the thing that few people realise is that while the chip alone is a positive factor in fraud reduction (anti-counterfeit), the greatest benefit of the roll-out of EMV is only achieved when deployed in conjunction with the use of a 4 digit Personal Identification Number (PIN). This effectively adds a second factor of authentication (the card is something you have, your PIN is something you know) making card present transactions significantly more secure. PIN alone would have significant positive impact as well.

It follows therefore that while organisations scramble to comply with the letter of EMV, there already exists in almost everyone’s pocket in the form of a smart phone the capability to provide not just a PIN, but multiple forms of authentication and value-add services that far exceed the benefits of the chip.

Even the loss of the Primary Account Number (PAN), which is the largest cause of card related fraud, is meaningless if the thief can’t complete the transaction. Add to this the numerous benefits of instant coupons, loyalty programs and even ratings & reviews, and the retailer now has the capability to enhance the customer journey while meeting the intent of EMV.

Neither the card issuers nor the card schemes are fixated on EMV itself, they are only truly interested in reducing fraud. Retailers share this goal, even if they do not entirely agree with the way to get there.

It is up to authentication vendors to provide alternatives, and get those alternatives tested, real-world proven, and on the table. This will not be authentication vendors or mobile device manufacturers alone, and the result will not be a decision made by card schemes alone. This will be a collaborative effort between ALL players, and will only work if everyone comes away a winner.

Especially the consumer.