20 October 2014

US banks going full-tilt for EMV in wake of Target breach

26 June 2014  |  7034 views  |  2 card chip

Spurred on by the fall-out from last year's Target data breach, 86% of US financial institutions plan to begin issuing EMV-based chip cards within the next two years, according to the annual debit issuer report from Pulse.

The Target breach impacted every one of the 71 financial institution that participated in the study, causing fraud loss rates to increase in 2013 and compelling issuers to re-evaluate their strategies for improving card security in 2014, the study found.

Prior to the Target incident, many financial institutions were hesitant to commit to EMV because of uncertainty around retailer adoption of chip card point-of-sale terminals, questions about the viability of the business case for migrating from magnetic stripe cards to chip cards, as well as unresolved issues related to regulation and support for merchant routing choice.

With the Target incident seen as a watershed, 86% of financial institutions stated that they plan to begin issuing EMV cards in the next two years, a significant increase from 50% in 2012.

Migration to EMV debit cards will begin in earnest in early 2015, says the report, and will span approximately three years, with many issuers attempting to provide chip cards to their international travelers and heavy debit users in advance of the liability shift in October 2015.

"We were quite surprised by the across-the-board embrace of EMV by debit issuers," says Tony Hayes, a partner at Oliver Wyman who co-led the study. "There has been a dramatic shift from issuers' tepid interest last year to their active plans to implement EMV beginning in 2015."
KeywordsEFTPOS

Comments: (2)

Nigel Beatty - Aconite Technology Ltd - London | 26 June, 2014, 09:46

The Target breach has undoubtedly acted as a call to action for the US payments industry and has indeed spurred the adoption of EMV and largely silenced the sceptics. But while EMV adoption will radically reduce the growing incidence of face-to-face card fraud, the impact of data breaches will only be substantially mitigated by tokenization being adopted by all 'card-on-file' merchants. If card details are replaced by aliases, which themselves are constrained to usage in a single channel or even at a single merchant, stealing these tokens becomes a futile exercise, but no doubt the hackers will turn their attention somewhere else...

 1 thumb up! (Log in to thumb up)
Kai Johnson - Sutton Abinger - San Diego | 26 June, 2014, 15:31

It's right to say that EMV adoption will shift fraud from card-present to card-not-present channels. However, we need to be careful about the expectations that tokenization could reduce e-commerce fraud. In the tokenization framework proposed by EMVCo, tokens are created from the original card data, including the PAN, and revert to the original card data for processing. Some of the proposals to apply this framework will require e-commerce merchants to collect and handle card data including the PAN. If the card-on-file database is converted to tokens, it may present less of a risk, but as we saw with Target, the point-of-sale infrastructure can be breached to capture card details as consumers present them.

 1 thumb up! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

29 April, 2014
07 March, 2014
05 March, 2014
11 February, 2014
07 February, 2014
05 February, 2014
16 January, 2014
14 January, 2014
10 January, 2014
20 December, 2013

Related company news

 

Featured job

Competitive base, bonus, full benefits
London / Anywhere, UK

Find your next job