Payments Views

Card Fraud

The Case for EMV Chip Cards in the US?

In one of my prior lives, I made the phone call that triggered what eventually became the industry standard for chip card deployment now known as EMV (Europay-MasterCard-Visa). That call was made almost 20 years ago.

At the time, I was at Visa where we were spending a lot of energy on the development of proprietary chip card technologies (e.g., the Visa Super Smart Card). Our counterparts at MasterCard, of course, were trying to do the same.

While we were actively developing these technologies at Visa, we were under increasing pressure from the French banks and payment card industry to adopt their chip-based technologies as a global chip card strategy.

What became obvious was that separate card association efforts to develop proprietary chip card technologies weren’t going to result in an industry solution that made sense. Instead, what was required was a coordinated effort to define the new standards – and that insight led to that phone call that I made and, ultimately, to what became EMV.

The Smart Card Alliance has just published a new white paper titled “Card Payments Roadmap in the United States: How Will EMV Impact the Future Payments Infrastructure?“. It’s perhaps the most concentrated look at the issues and opportunities associated with deploying EMV-based chip cards in the US market that’s been published publicly – a very articulate examination of the issues involved and how the various stakeholders might be affected by such a migration to EMV in the US.

We sit at an interesting point in the evolution of electronic card-based payments. In the US, the business case for implementing EMV-based chip cards remains very challenging. While the SCA’s white paper alludes to fraud trends, the reality is that the break-even for a complete migration is a long time – we might debate exactly how long.

Meanwhile, in other markets with much more concentrated stakeholders, migration to EMV is either underway or complete. First lesson: a small group of decision makers makes for an easier migration decision.

Unfortunately, in a world of global payment card acceptance, country-level decisions about card technology are clearly suboptimal – yet they are today’s reality. The SCA white paper says:

“The adoption of EMV chip cards and POS terminals in the United States would have a dual benefit. Not only would American merchants, acquirers and issuers benefit from smaller losses and improved cost management controls, but all EMV-enabled issuers globally could experience reduced losses and decreased operational impact from payment card fraud.”


And, if the global payment card community could just agree to move completely to chip and remove magnetic stripes from all cards, all of the fraud reduction benefits could be achieved.

Meanwhile, card fraud losses can be expected to move to those countries who are the last to adopt EMV – and card issuers, who have invested in the card technology of EMV, will be increasingly pressuring non-EMV acceptance markets to adopt.

This is squarely where we sit today in the US. Some US cardholders are experiencing declines when they present their non-EMV cards to merchants in EMV countries. This isn’t supposed to happen – but it does.

Yet, US issuers and the major card networks can’t really make decisions to invest in EMV because the business case still doesn’t make sense. And, once again, unilateral action by one card network to embrace an EMV migration doesn’t make sense. Large merchants who are pushing for EMV in the US as a scope reduction initiative related to PCI are frustrated that the card industry won’t invest in this change.

The Smart Card Alliance paper lays many of these issues out in detail – and kudos to the Alliance for stepping up and orchestrating a coherent response to these issues. At the end of the day, the case is still not clear cut. The concluding section of the paper doesn’t clearly articulate the case for change. Rather, it notes that migration today – as a late follower vs other countries around the world – “will be less complicated that it would have been a decade ago.” Let’s hope so – that we’ve learned something from earlier deployments.

But, where is the still elusive positive case to move forward? What role might the Fed play – now that it has some oversight with result to card fraud – at least regarding debit cards?

And what about mobile payments? Don’t we all want to just tap our phones to pay?

What are your thoughts? Please share them in a comment below – or send me an email and we can find time for a private conversation!

[Update: Feb 9, 2011 – Visa announced a new Technology Innovation Program (TIP) that “will eliminate the requirement that eligible merchants annually validate their compliance with the PCI DSS for any year in which at least 75 percent of the merchant’s Visa transactions originate from chip-enabled terminals. To qualify, terminals must be enabled for contact or dual contact and contactless interface chip acceptance.” But the program does not apply in the US market because “it is not feasible or appropriate to drive the market toward major infrastructure investments, especially in an environment where financial institutions could lose billions in revenue as a result of the regulation” according to Visa.]

0 0 votes
Article Rating
Notify of
Newest Most Voted
Inline Feedbacks
View all comments
Albert Drouart
10 years ago

I can say that I’m getting increasingly frustrated as a card holder, while I totally appreciate that there is no business case. I want my issuer to offer me a card, at my cost, so I can travel without headaches and without cash — so yes, I’ll pay for an EMV card please. I’m sure it is easier said than done.

Recent frustrations: Malaysia. I tried to buy lunch for the family in Malaysia and was turned away, also had to go to a “special” checkout when buying something at Carrefour in Malaysia too. (Bad, very bad checkout experiences ended up paying Cash!)

I’ve also gone machine-by-machine at the train terminal in Charles De Gaulle to find the one machine that would take my card to buy a train ticket to St Michel-Notre Dame on the RER. I did find one, and I treasure that find everytime I go to Paris since I know I can buy a train ticket — we will see how long it lasts! And generally speaking it won’t work in other stations.

10 years ago

Same with Albert, I faced too many troubles of non-acceptance of ancient magnetic stripe credit cards abroad.

Recent case: could not pay for the cab at Fukuoka because the only reader in the cab was a chip and PIN terminal.

All I’m asking for the card companies is to give me an optional Chip & PIN card for travel use abroad. I’d be willing to pay for the extra cost of issuing it, but just give me an option!

Deborah Baxley
10 years ago

Scott – thanks for the great review. I was one of the authors. We tried very hard to provide a nuanced, detailed and well-balanced approach of the benefits and impacts of EMV implementation in the U.S. for all stakeholders.

10 years ago

Hello Scott,
Interesting vision of US payment industry comparing to SmartCard alliance white paper.
However I don’t think that the fight must be between EMV and contactless (and/or Mobile Payment) as those two option are complementary.
One is a payment standard with some security features and the second one is a technology.
At this time it seems that US is going to contactless technology. Why not, but this will not fixe all fraud issues that an EMV soultion will.
In fact I think by adapting payment industry from magstrip to contactless they will use a funny way to propose one new technology to cardholder, with some minor impact on international fraud fight.
Now if US want to eradicate payment fraud, by adopting EMV standards, they will make once time a big investement but with a very efficient results.
Comparing to adopting PCI security rules, and now using contactless technology. As mentioned merchants are frustrated by PCI as it has cost a lot and now it seems to be not enough!
So from my point of view the question is how could we implement EMV standards at the US national scale by limiting as much as possible costs of such system and its maintenance?

Fazal Majid
10 years ago

I got my first chip payment card (pre-EMV) in 1989, when I still lived in France, from the Post Office’s bank of all places, and can’t fathom why the technology took so long to be adopted. The business case in the US may not make sense, but that is in large part because externalities skew it when considered only from the bank or processor’s myopic point of view:

1) Identity theft is exceedingly costly for its victims, who have to spend inordinate amounts of time to get the record rectified. No wonder banks fail to do anything serious about it, since the cost to them is minimal. The credit bureaus have the gall to turn identity theft victim’s suffering into a profit opportunity by selling expensive credit monitoring services, i.e. pay the credit bureaus to rectify the errors they themselves introduced through lax security standards.

2) Credit card fraud is one of the avenues for the financing of terrorism. See this Economist article:

“Units of his organisation are believed to raise money through financial and other sorts of crime. For example, Ahmed Ressam, an Algerian who plotted to bomb Los Angeles airport but later co-operated with American authorities, says he was given $12,000 of seed-money to set up his operation. When he asked for more cash, he was advised to finance himself by credit-card fraud.”

The Federal government would be well advised to mandate fraud-control measures on national security grounds alone.

10 years ago

I’m glad I left the payments industry a year ago – it is just too depressing how the U.S. can’t move forward on this.

My opinions are fairly well known, but I’ll go through them again:

– It’s not all about issuer basis points of fraud. The payment pentagram includes consumers, merchants, acquirers, and many networks in addition to issuers/card brands. They all pay a price. Why can’t the brands lead a plan, orchestrated by U.S. Federal Reserve Bank regulation, to get to EMV, soon? Everybody will benefit; everybody can pay.

– We need online identities anchored in hardware cryptography. Everybody who does financial cryptography understands that for anything of value, you can’t store the keys in software. You need hardware protected keys, with a cryptoprocessor to operate on them, and very importantly, a trusted UI to the human that doesn’t involve hackable software. EMV is a good basis for this. Our friends in Cambridge under Ross Anderson continue to do a yeoman job of exposing crummy implementations. The only other contenders are TPMs and SIMs. Both of these have possibilities, but they don’t have the human legal trust framework around them yet that payment cards do. m-pesa and GCASH could up end this, but still it is probably one of these three. Oh, and then there’s Apple. As Anders Rundgren gleefully points out, Apple is talking about a new crypto card slot in the the next generation IOS devices. Never underestimate Apple’s ability to affect consumers. But back to my original contention, EMV chips could do the job for Internet scale consumer identity today. The IBM ZTIC, now available as a VASCO device, is an excellent example.

– Think of the $billions that have been spent on PCI DSS compliance. And now Visa admits the dirty little secret: properly implemented EMV can do away with this expense. Where is that cost factored into the equation? Not in issuer basis points – no, it’s increased retail acceptance cost at the merchants and the acquiring ecosystem.

– And then there’s traveling abroad for Americans, or Canadians buying rental car gas in border states and always getting their cards declined. If the U.S. went EMV, every non-EMV enabled POS anywhere in the world would quickly be EMV enabled.

As the SCA does a great job of pulling together, it is really a matter of political will. Will Walmart and the NRF standby forever and leave this decision up to the brands? Can the we as American citizens stand by and let this stand? Wouldn’t it be prudent for some Fed regulation?

Angela Thomas
Angela Thomas
9 years ago

I’m Canadian, and in general we tend to assume that we are years behind the US in terms of all technological adoption – simultaneous US and Canadian releases of cell phones, video games, or other software feels like it is a rare thing, though I don’t have any actual numbers on that.

On a recent trip to Boston and NYC I was constantly surprised by store clerks and waitresses that looked at my chip card as if it was from outer space, or had no idea what I was talking about when I asked if I should use my chip or mag stripe (we’re still in the middle of the swipe-to-chip transition in my area of Canada, so you get in the habit of asking at the till which one the place you’re at wants you to use).

The chip is significantly more convenient and claimed to be safer, and I was very surprised that we lot up here in Soviet Canuckistan were somehow ahead of the US by quite a bit on this one. Perhaps our upgrade costs were less because we have such a small population, or perhaps our government mandated the change?

I’d be interested in finding out what motivated Canadian businesses and banks to switch to the chip+magstripe cards here, yet left American banks unconvinced of its worth, if anyone reading this knows the reasons.

9 years ago

I have had a credit card since I was 18 years old and away at college. Fortunately, I wasn’t stupid enough to run up a load of debt, but since obtaining my first credit card 15 years ago, I have had my identity stolen three times. It is frustrating and leaves you with a real sense of distrust for anyone who is swiping your card.

If the credit card companies in the US could just get this type of technology on the forefront of their radars, they and we consumers could save soooo much money. My husband has never had his identity stolen, (which is no surprise since women are 26% more likely to have their’s stolen).

Whether the chip gets put in my debit card or my credit cards, something should be done. As of right now, I am paying a monthly fee to have my entire family’s identity and credit protected–yes, even my kids since they can easily have their identities stolen and wouldn’t know it for years–through Identity Guard. Even if I can pull our credit reports every year, I still think having someone monitoring all of us 24 hours a day, 7 days a week, 365 days a year is worth my peace of mind.