I finally received my very first EMV compliant piece of plastic from Citi this week. As I travel frequently to Asia and LATAM I’m very happy. This should help me avoid situations like being stuck at Vancouver Airport without anyway to buy a tram ticket from their ATM like ticket machine. Just one thing missing in the package.. a PIN. !!
I went online to see why there was no PIN https://www.citi.com/credit-cards/template.do?ID=chip-technology-questions
Can you believe it… we now have something unique to the US.. CHIP and SIGNATURE!?
From Chip and PIN to Chip and Choose? Visa wants encourage signature as these transactions must be routed through them.. my position (and that of most non network people) is that AUTHORIZATION and AUTHENTICATION are completely different problem sets. The availability of real time approval means nothing if you don’t know WHO you are approving for WHICH CARD. PIN answers the “who” question and the chip is the account number or “how” you are going to pay. I just can’t believe that Visa has come up with this story.. but they must in order to support “contactless”. Most consumers don’t know that today contactless transactions have limits. These limits are set by the issuer, in Europe they are typically around $25. However the issuer can choose to increase the limit (no PIN required), or require a PIN with a contactless payment. All of this is a little absurd for Visa as PIN is always viewed as key to authentication, AND Visa just waved the signature requirement for mobile payments. So no signature required for Square.. but Visa wants it optional at the merchant POS so it can retain the volume?…. Expect some Regulatory involvement here.
Large Merchants are very, very aware of this strategy to improve the credit transaction mix and make mobile/contactless payments a “premium” service. The top 20 retailers have put their foot down and said “no way” will we be putting contactless readers in our store (MCX members particularly). The terminals that they are ordering DO NOT have contactless capabilities.. only EMV chip and PIN. Most retailers agree that signature is a worthless authentication mechanism. Visa clings to signature in order to ensure transactions are routed through them. Expect MCX to look toward a PIN model..
So this EMV “battle” has many sides to it.. it impacts mobile payment adoption, EMV rollout, plastic re-issuer, consumer behavior, consolidation of national PIN debit networks, EMV compliant ATMs
So WHY chip and SIGNATURE? The 30 second summary is that “Perfect Authentication” is a Nightmare to Banks (see blog). If there is no risk.. then anyone can be a card issuer. (Credit risk as opposed to the billion dollar fraud/authorization systems).
- PIN is not a desirable consumer behavior, PIN is despised by both Banks and Visa
- Grease the skids for contactless EMV. Who wants to waive their phone and THEN enter a PIN!? Visa/MA understand that it makes no sense to force a PIN on plastic and provide a “pass” for a waive.
- PIN provides fantastic fraud prevention and therefore decreases the NEED for other risk management services (by Network and Bank)
- Ensure that transactions are routed through them (signature debit is primary transaction type at risk).
- The January 2013 Visa Mandate was a complete surprise to Issuers. I asked a top 3 card issuing CEO why did you commit to EMV. “Tom I found out about it the way you did, in a press release.. Visa has yet to come by my office to discuss EMV”. This gives you an idea on issuer relations. Why did Visa push EMV? to encourage reterminalization and enable mobile (credit card) payments. Visa knew the big issuers would hate it.. but the Chip and Signature was a “meet in the middle” strategy. Visa created opportunity to enable contactless, and big issuers kept their PIN less advantages.
- Shifts Fraud to Merchants who do not have compliant POS payment terminals
- Allows large banks to continue to leverage their multi billion dollar investment in fraud infrastructure (Signature + $$ Fraud Infrastructure == security of Chip and PIN)
- Keeps consumer behavior away from PIN
- Big banks win, enabling them to leverage multi-billion dollar fraud system investments at the expense of smaller banks. Banks that can not make the investments will be challenge to support contactless, or EMV, without PIN. This again demonstrates how large banks continue to exert substantial leverage over the card networks in rule making and incentives.
- The only EMV products coming out in the US are Credit based. Payment strategy is centered around increasing consumer use of credit card products.
- See my blog on PIN Debit (Signature Debit is Dead).,PIN Debit enjoys a slightly higher growth rate (15.6% vs 14.3%), consumer preference (48% vs 34%), lower fraud rate (2009 fraud numbers: Signature $1.12B, $181M PIN debit card), and obvious merchant preferences (interchange and fraud; 96% of PIN fraud losses assumed by issuers, vs 56% in Signature). Source FRB report
We have an environment where Large Banks and Networks are purposely rolling out a less secure payment product. From the FRP report http://www.frbatlanta.org/documents/rprf/rprf_pubs/120111_wp.pdf
Obviously PIN is more secure, and DEBIT is where EMV should be focused.. But banks DON’T WANT TO MAKE DEBIT SECURE (no margin here). To a non-payments geek this must look completely insane. Is there any wonder that large merchants are working together on a new payment network (MCX)? To understand the payments industry you must throw out all logic.. and look at the incentives. Moves here are NOT logical.. Networks are measured on volume, the entities which are in control of volume are Issuers (switch portfolios). Merchants are motivated by cost of acceptance.