Why Did Most Merchants Miss The EMV Deadline? Many Reasons, But Complexity Is The Top
With the liability shift and October already here, where are all the EMV-compliant merchants? Many are still waiting for software updates. And why is that, given how many years everyone has known about the October 2015 cutover? Seems that the U.S. payments processing space is a lot more complicated than even the payment itself realized, according to Randy Vanderhoof, who, as executive director of the Smart Card Alliance, is the industry’s chief EMV cheerleader.
Vanderhoof concedes that most U.S. merchants—60-65 percent, he said—are not EMV compliant today and he blames that on several factors. But payments complexity—and good old-fashioned procrastination—are at the top of his list.
(Note: There is of particular concern for smaller merchants, who are finding a complete absence of a chip-and-PIN ROI.)
“The U.S. market is the most complex payments processing market in the world because we have multiple parties involved in managing the retail POS systems and multiple parties engaged in the processing and acquiring of payment transactions,” Vanderhoof said. “In other countries, other markets, the major banks who were then issuers were also the acquirers so they owned the terminals in those merchant locations. They invested in the cards and the terminals and their own banking acquiring network. In the U.S., financial institutions are separated from the merchants and acquirers. This means that there needs to be independent investments and alignments.”
Another element of complexity is not the number of industry players but the number of functions that POS systems are expected to handle. Retailers “use third-party software vendors with retail POS and those POS manage everything from inventory to payroll to customer service records to timekeeping,” he said. “So that software has evolved over time to integrate payment with all of those other functions. When EMV came along, it all needed to undergo major changes in order to accept EMV payments. Lots of end-to-end testing and certification.”
That could explain why it would take a long time, but all of that was known years ago when the deadlines were first announced. Why didn’t companies start sooner? Well, beyond the fact that we Americans almost never take a deadline seriously until it’s around the corner, there’s another psychological factor. A multi-year deadline in retail IT often means that it will fall on someone’s else watch. That doesn’t mean it can be ignored, but it’s certainly going to be triaged at a very low level. Certainly the IT fire du jour will take priority.
But Vanderhoof sees other factors as well. “On the payment processing and acquiring side, the magstripe had become so commoditized. Not much attention was paid at the time of the liability shift (announcement) to try and understand the level of complexity,” he said. “There was that fact that those middle players did not take it seriously soon enough and they underestimated the effort that was required to complete the process.”
Then there were the global factors. Because EMV had been successfully deployed in so many other geographies, there was a general belief that lessons learned there would make the U.S. transition relatively easy. But, Vanderhoof argues, the U.S. payments space is radically different from many of those earlier EMV converts so the applicability of those lessons learned was extremely limited.
“There was an overreliance that the U.S. was just going to follow what was done in other countries without recognizing that the U.S. is significantly different,” Vanderhoof said. “Debit cards and debit routing regulated under Durban rules, this was not something that merchants anywhere else had to deal with.”
Next complicating factor: mobile. During much of the 3-year warning to shift to EMV, retailers were bombarded with promises—many of them bogus at the time, but no need to go there—that mobile payments were imminent and that they would deliver many of the security and other benefits promised by EMV. Although Vanderhoof wouldn’t say that those retail IT and treasury executives were preparing to support the mobile shiny objects instead of EMV, he did say that they were distracted by it, as retail tried various mobile payment trials. In effect, they were taking IT resources and funding that could have gone to EMV preparations and diverting them to those mobile experiments.
“There was an eagerness to embrace mobile and a later understanding that mobile was going to bring with it more complexity than had been expected,” Vanderhoof said, specifically citing Google Wallet, Softcard/ISIS, Apple Pay, MCX and PayPal. “Many of these Iterations of mobile wallets that have come and gone. And they have taken some of the resources away from focusing on EMV. This amounted to a diversion and a drain of resources that took away from looking 100 percent at EMV, although those (mobile) investments may pay off in the long run.”
Where does he see EMV numbers today? By the end of 2015, he projects that there will have been about 600 million EMV cards delivered to issuers and that about 55-60 percent of U.S. adults will have at least one EMV card by that time. By December 2016, he said, that figure should climb to about 70 percent of U.S. adults.
As for the percentage of merchants who can accept EMV cards—and the chip functionality specifically—Vanderhoof puts that at an anemic 35-40 percent today, edging up to 50 percent by New Year’s Eve 2015 and about 70 percent by the end of 2016.
Vanderhoof also took the opportunity to argue why EMV signature is still the way to go. It’s accepted reality that EMV PIN is far more secure—which isn’t difficult, given that signature poses effectively no security nor authentication hurdles for fraudsters. But Vanderhoof argues that security isn’t the current objective: acceptance and use is.
His argument comes down to a simple point. Three things are essential for EMV to happen in the U.S.: enough cards must be made and distributed; enough merchants must be able to accept chip purchases; and enough consumers must use those EMV cards. If any one of those things fail, EMV doesn’t happen.
From that perspective, he said, the industry needs to look at what will make consumers use the cards. More so than in almost any other country, Vanderhoof argued, Americans are used to signature and are more comfortable with signature. Therefore, it makes sense, he argued, to use signature, knowing that security can always be upgraded down the road. But if acceptance doesn’t happen, nothing else matters.
“It is often cited that the rest of the world implemented EMV with PIN and the U.S. has gone against that by implementing EMV with signature. It is true that a majority of the other markets have gone chip and PIN,” but they made that choice because their consumers were more used to PIN than signature, Vanderhoof said. In other words, he’s arguing that the U.S. and other countries all did the same thing: they went for the path of least resistance with their consumers.
In the U.K., they originally used signature before switching to PIN, he said. And in Canada, 60-70 percent of all of their purchases were PIN debit. There was even a little geographic emotion, with Canada using to go EMV partly because the U.K. by then had done so. “Canadians more closely align themselves with Europe than with the U.S.,” Vanderhoof said.