Saturday marked one year since the deadline for retailers to officially switch over to EMV microchip cards. Tell us about how the transition has gone.
Mellody: It has gone fairly well, considering what a huge undertaking it is. It is no small thing to change how people pay for things with their credit or debit cards, especially when you consider the fact there are around 6 billion cards floating around in the U.S. alone. When you take that into account, moving to microchip cards has been mostly painless, and it has seen positive results when it comes to fraud prevention.
However, the process has not been without hiccups. For starters, there was a shortage of microchips for the new chip cards late last year, which slowed down the issuance of new cards. At this point, card issuers have overcome this hurdle, and most magnetic strip cards have been replaced by the chip cards. Mastercard reports their switchover rate was 88% at the end of July, and other companies like Visa have similar switchover rates. That’s progress, but it is slower than expected. And merchants have been slower to adopt the chip technology than anticipated, for a few reasons.
What impact has this had in counteracting fraud?
As you know, this whole migration to chip cards was made because card issuers, who were tired of picking up the tab for fraudulent charges, set the October 1, 2015 deadline for retailers to switch to chip cards or shoulder the liability for fraudulent transactions. Until October 1 of last year, card issuers were responsible for the vast majority of the fraud losses. A Federal Reserve report found that in 2011, card issuers had to cover 60 percent of all payment-card fraud losses. Those losses came from counterfeited, lost, or stolen cards, in instances when those cards were used at the point of transaction. Since the switchover, issuers have been the big beneficiaries, with all fraud transactions they cover declining, and counterfeit fraud specifically down more than a quarter from its peak in 2014.
What about retailers? How have they fared?
The results are more mixed for retailers. According to a survey released by a payments consulting firm, 44% of merchants have EMV terminals. However, just 29% are actually able to accept chip cards. There are a few reasons for these adoption statistics, which are lower than expected. The first? Some retailers did not understand the cost scale, or the frequency, of fraud. For example, many supermarkets have made the switch after picking up the tab for fraudulent charges over the course of the past year. Secondly, some retailers have not switched because they are generally not exposed to fraud. For example, dry cleaners are not normally fraud targets, because they do not have goods that fraudsters can buy then sell later. As such, they are less likely to convert to EMV terminals. In terms of merchants not accepting cards, it a different story. Merchants with new terminals need to get certified by card issuers, and the certification process has been slow. As i mentioned, 44% of retailers surveyed had the terminals, but just 29% are operational. That is because the card issuers have been slow to sign off on them.
When it comes to fraud, the results speak for themselves. According to Visa, merchants that had completed the transition to chip card terminals saw 47% less counterfeit fraud in May. For Mastercard, that number was 54% when comparing April 2015 and April 2016. Mastercard also noted that for merchants who had not yet adopted the chip card terminals, however, fraud costs had risen by 77% over that same period.
This sounds like good news. But these cards aren’t foolproof, are they?
No. Two big holes in this security process stand out. First, you may have noticed that I have not used the phrase chip and PIN. This is because we have not fully migrated to a system that requires the PIN, the most secure process. Right now, we are using a chip and signature system. This system still allows for lost and stolen cards to be used at terminals, unless merchants check identification, because a signature is all that is required.
The holdup is caused by a stalemate between issuers and merchants at the moment, and until it is resolved, there is still the possibility that someone can use your misplaced card for card-present fraudulent transactions. The second big hole is online purchases. No matter what the security process at terminals, as long as we are entering our card numbers manually for online shopping, there is a potential that fraudsters can access the data from companies that we purchase from, or use lost and stolen cards to make purchases online.