EMV Payment Security Hits US National Spotlight

Last updated: 19 March 2014

EMV payment technology has finally gotten its big break in the US in the way of national news coverage. After several recent high-profile payment card data breaches, more Americans have started to ask whether it’s time for the US to abandon magnetic stripe payment technology in favor of more secure EMV. Yes, it’s time.

For more information about the recent breaches: see the comments made by my colleague, Jack Jania, in Forbes, Bloomberg, and the Washington Post.

An illustrated map, generated by EMV Co, underscores how the US lags behind most of the world in using EMV payments. But there is good news – the US is already in the midst of a widespread adoption of EMV payments.

Though it didn’t receive much fanfare in the consumer media, the US payments industry started a migration to EMV payment cards back in 2012 when the major card brands announced their roadmaps for moving to the technology. Though card issuers and retailers are not mandated to convert their systems to EMV, they face an October 2015 shift in fraud liability. After this date, the party that has implemented chip payments will not be liable for fraudulent activity.

Even though the US has started its migration to EMV, progress has been relatively slow – the Smart Card Alliance estimates that less than 1% of U.S. cards are EMV-enabled. However, this national attention might be just the thing to convince U.S. card issuers and retailers to move more quickly, and this is great for a few reasons:

EMV has stronger security features than magnetic stripe. Counterfeit card fraud as a result of skimming is a very real problem in the US. As we have previously reported, the US continues to see fraud rise, and some have called US card skimming an “epidemic.” This is because magnetic stripe cards are extremely easy to skim and clone. EMV chip cards, on the other hand, are nearly impossible to clone. This is because an EMV chip card uses a dynamic, one-time code (called a dynamic CVV) for every transaction. Even if fraudsters could get their hands on the data from the chip card transactions, they couldn’t use it to make in-store purchases.

EMV’s impact on skimming and counterfeit card fraud is proven. Having delivered cards for numerous EMV implementations across the globe, we’ve seen first-hand the large declines in skimming and counterfeit fraud the technology provides. Take Canada for example, which saw debit card fraud losses from skimming drop to their lowest level since 2003 after its EMV implementation.

EMV will make the US less of a data breach target. Because the data from EMV payment transactions cannot be used to make counterfeit cards and fraudulent purchases, it much less valuable and criminals will be less enticed to go after the information. It’s likely, then, the instances of payment data breaches will decline.