EMVCo Growth Report is Good News for Global Security

Global technical body EMVCo recently reported that by the end of 2015, 4.8million EMV payment cards were in circulation globally.[1] This is very good news for consumer data security. With the EMV protocol, card data is stored on an integrated circuit rather than on a magnetic strip, making it extremely difficult to clone. A key component of EMV’s success is its simplicity; where chip & PIN is in place, the user only has to remember a short 4-digit PIN and their payment card to conduct a secure transaction.

The UK has now been using EMV technology for over a decade. Barclaycard became the first to launch the cards in Northampton back in 2003, the biggest trial of chip & PIN cards in the world.[2] Since then the EMV standard has continued to be adopted by more and more countries.

The US, however, has been relatively late to adopt the standard, with the transition from magnetic stripe to chip only starting in October 2015.

Many still believe that the US has failed to take advantage of the full potential of EMV by not implementing PIN as mandatory for card present transactions. This has been expressed recently by large international retailers, such as Walmart, which has seen the benefit of PIN in other markets, and would like to extend those to the US.[3] Consumers have also voiced a similar view and believe that chip & PIN cards provide more data security than other cards.[4]

According to the EMVCo stats, in 2015, 35.8% of all card-present transactions conducted globally used EMV chip technology, and this figure is increasing.[5] EMV has been hugely successful in reducing card-present fraud from day one by adding an extra layer of security to the authentication process. When introduced in the UK, EMV helped reduce fraud by 13% in the first year. These fraud reductions continued further, with counterfeit card losses down from £129.7 million in 2004 to £47.8 million in 2014.[6]

With PIN’s success clear to see, there is an opportunity for the same school of thought to combat the ever increasing instances of card-not-present fraud, especially on mobile devices. Since the wide adoption of EMV, card-not-present fraud has increased, with criminals seeing online as an easier alternative. This has been widely reported but, so far, not widely addressed in practice.

Currently, most card-not-present transactions are authenticated using 3D Secure, which often causes friction for the customer and results in checkout abandonment. By requiring card-present-transactions to be verified using the cardholder PIN on a mobile or tablet, many instances of such fraud will be reduced, without adding friction to the process.

[1] https://www.finextra.com/pressarticle/64995/number-of-emv-chip-cards-in-circulation-increases-to-48-billion

[2] http://www.information-age.com/industry/uk-industry/123460936/will-contactless-end-britains-10-year-love-affair-chip-and-pin

[3] http://www.wsj.com/articles/wal-mart-sues-visa-over-chip-enabled-debit-card-transactions-1462906677

[4] http://thehill.com/blogs/congress-blog/economy-budget/282778-why-dont-banks-care-more-about-credit-card-security

[5] https://www.finextra.com/pressarticle/64995/number-of-emv-chip-cards-in-circulation-increases-to-48-billion

[6] https://www.finextra.com/newsarticle/28466/uk-hits-10-year-chip-and-pin-anniversary-