We wanted to share some information recently gathered at the Visa Payment Technology Provider Forum held last week at Visa Headquarters in San Francisco. Hopefully, this can put some proper perspective on the upcoming October date for the EMV liability shift.
As of July:
117 million EMV cards have been issued (28% of total cards)
78 million of which are credit and 39 million are debit 250,000 merchants
have been EMV enabled (this represents about 5% of the US merchant base)
A few hundred terminals supporting EMV PIN debit
have been enabled
The recurring theme at the Forum was that issuers are rapidly putting out more EMV cards while the US merchant base is struggling to become EMV ready. The reason is simple-the processors have been very late in putting out EMV specs and getting ready for EMV testing. The processors have focused first on their large retailers and their stand-alone terminal merchants. Today you will see Walmart, Home Depot and Target accepting EMV cards and you will also see various small terminal based merchants accepting EMV. The POS integrated solution, which is much more prevalent in the U.S. than any other country, is slow to convert to EMV. The processors were just not able to handle all of the necessary testing in a quick enough time frame.
To paraphrase the many other messages delivered at the Forum, here are some of the highlights: "2016 is the year of the POS integration." 2015 will not happen for many integrators, and many others suggested it will lag into 2017. "Nothing really happened in Australia and Canada when the liability shift took place." Australia and Canada have recently added EMV and no disaster occurred when the liability shift went into place in those countries. We can expect the same in this country. October will come and go without much fanfare. "The bad guys will continue to target high ticket items, including electronics and jewelry, and those stores selling open acceptance gift cards." Credit card thieves will not go away and they will continue to search for weak links. "Encryption can be more powerful than EMV for preventing fraud and theft." Two interesting facts support this. Most of the world did not have encryption in place prior to EMV so EMV was sort of the first real attempt to counter fraud and theft in most places. The large breaches that have occurred in the U.S. in recent years (e.g. Target, Home Depot, Neiman Marcus, etc..) were all cases where the merchants did not have encryption in place. Visa highly recommends the triple play in fighting fraud and theft: EMV, encryption, and tokenization. BridgePay hopes all merchants will follow this path.
BridgePay will begin offering EMV with First Data Omaha in a couple of weeks and that will soon be followed by TSYS. Many other processors will soon follow. It is not an easy task but we are bulldozing our way through it. We will continue to keep our customers up to date with this progress and look forward to announcing the first completed EMV certification. In the meantime, our recommendation to our POS integrated partners remains the same. Please reach out to our Developer Support team to discuss your current integration and plans moving forward to integrate PayGuardian
, our EMV and PA-DSS certified middleware. The team can be reached by emailing [email protected]
. Our PayGuardian product suite provides a solution for all types of operating systems: Windows, iOS, Android and a customizable payment page for a browser-based POS.