The card networks' EMV dilemma
By Daryl Cornell, CEO, Triton
How hard and often can you hammer on your customers before they revolt?
How indispensible is your product or service, really?
Is disruptive technology waiting out there to step in and "Uber" you?
It appears that the card brands will learn the answers to these and other questions as early as this year.
In an effort to offload billions of dollars in annual fraud costs to banks, processors, merchants, ISOs and IADs, MasterCard, Visa, American Express and Discover hatched a scheme several years ago to bring EMV to the U.S.
The beauty of the plan, which they named "the liability shift," was that it could be sold as voluntary, secure and customer-friendly.
Payments industry participants could decide for themselves whether the economics justified the high price of conversion (not heavy-handed).
Customers could rest assured that implementing EMV would drastically reduce both fraud and the resulting customer inconvenience (good corporate citizens).
Meanwhile, EMV would be brought to the U.S. at little or no cost to the card brands.
The economics of the card payment business model is all about transactions. The card brands' ability to pawn off fraud losses and the cost of EMV conversion without invoking the wrath of regulators depends heavily on the three-legged stool of improved security, consumer protection and voluntary implementation.
The fateful PIN decision
With few exceptions (e.g., Target and First Niagara Bank), issuers and banks decided that a premature move to the more secure chip-and-PIN format — as opposed to chip and signature — might cause consumers to push their card to "back-of-wallet."
In a country where the average consumer carries three to five credit cards and where credit PIN is almost nonexistent, this degree of change was viewed by issuers and card brands as extremely risky to transaction volumes.
The problem is that, unlike most of the rest of the world, Americans have never embraced PIN-based credit transactions. The ubiquity of signature terminals, signature waivers and the historic card brand absorption of fraud losses has ensured that credit PINs mailed to U.S. customers largely end up lost or discarded.
Hence the dilemma for the card brands: U.S. conversion to PIN credit or security-and-consumer-protection hypocrisy?
Faced with the potential for billions of dollars in lost transactions and the need to retrain cardholders to use a PIN with their credit card, guess which approach prevailed with the card brands? As a result, nearly all newly issued U.S. credit cards contain both an EMV chip and a magnetic stripe for "fallback."
The chargeback avalanche
Fast-forward to 2016: Six months after the POS liability shift, merchants are feeling the pain. According to the Merchant Advisory Group, chargebacks are already running up to $10,000 weekly for smaller merchants and up to $1 million weekly for larger ones.
To be fair, many merchants frittered away much of the four-year window provided for the "optional" upgrade to EMV. Now they are scrambling to install hardware to ward off an incoming tide of chargebacks.
Merchants also are screaming that their processors are not ready and the card brands knew that four years was not enough time to implement EMV.
To make things worse, chargeback losses have been magnified by the issuers' decision to retain the magnetic stripe, which facilitates card fraud. Congress has begun sniffing around and already lawyers are salivating at the thought of bringing large class action suits against the deep-pocketed card brands, the issuing banks and EMVCo itself.
The next shoe to drop
Approaching liability shifts for ATMs (Mastercard in October 2016, Visa in October 2017) and gas pumps (October 2017 for both brands) mean that these owners are next in line for a chargeback thumping.
These devices present much easier and more lucrative targets for fraudsters than do POS devices. Unfortunately, their owners are generally no more prepared for EMV than merchants were, and the potential chargebacks will likely dwarf those at POS terminals.
In addition, without an upgrade path, many aging ATMs and gas pumps will require wholesale replacement in the next six to 18 months. Look for chargeback carnage coming soon to this space.
Blinded by the financial windfall of offloading billions in fraud losses to their own customers, the card brands now face serious risks on a number of fronts, including:
- a return to cash. Merchants fed up with devastating chargebacks might simply refuse to accept credit cards. The installation of a retail ATM with a nominal or nonexistent surcharge would afford customers convenient access to cash. Much of the additional till cash generated can be efficiently recycled through the ATM itself.
- regulatory risk. Democratic Senator Charles Schumer (notably, a member of The Senate Committee on Banking, Housing and Urban Affairs) and others in Washington are already sniffing around EMVCo, inquiring about its ownership and influence in the payments space. Could expanded financial regulation result from the liability shift — and at what price to the card brands?
- legal risk. With lawsuits already filed and threatening class action, what might be the legal and public relations costs to the card brands of a protracted and very public battle?
- disruptive technology. Perhaps the greatest threat to the card brands is their opening the door to being "Ubered" by newer technologies and operating models. Not an aggregator like Apple Pay, mind you, but a true, low-cost alternative to the card brands. To date, the ubiquity and the entrenched longevity of credit and debit have effectively blocked the widespread adoption of any new payment entrant. But might an alienated and angry merchant base now be receptive to ditching plastic in favor of a friendlier alternative?
- Unlike the rest of the world, the U.S. has embarked on the conversion to EMV without a regulatory mandate. Wouldn't it be ironic if, instead of digging themselves out from heavy fraud losses, the card brands instead ended up digging their own graves?
This article was republished, with permission, from the Triton blog, atmAToM.