US banks going full-tilt for EMV in wake of Target breach

US banks going full-tilt for EMV in wake of Target breach

Spurred on by the fall-out from last year's Target data breach, 86% of US financial institutions plan to begin issuing EMV-based chip cards within the next two years, according to the annual debit issuer report from Pulse.

The Target breach impacted every one of the 71 financial institution that participated in the study, causing fraud loss rates to increase in 2013 and compelling issuers to re-evaluate their strategies for improving card security in 2014, the study found.

Prior to the Target incident, many financial institutions were hesitant to commit to EMV because of uncertainty around retailer adoption of chip card point-of-sale terminals, questions about the viability of the business case for migrating from magnetic stripe cards to chip cards, as well as unresolved issues related to regulation and support for merchant routing choice.

With the Target incident seen as a watershed, 86% of financial institutions stated that they plan to begin issuing EMV cards in the next two years, a significant increase from 50% in 2012.

Migration to EMV debit cards will begin in earnest in early 2015, says the report, and will span approximately three years, with many issuers attempting to provide chip cards to their international travelers and heavy debit users in advance of the liability shift in October 2015.

"We were quite surprised by the across-the-board embrace of EMV by debit issuers," says Tony Hayes, a partner at Oliver Wyman who co-led the study. "There has been a dramatic shift from issuers' tepid interest last year to their active plans to implement EMV beginning in 2015."

Comments: (2)

A Finextra member
A Finextra member 26 June, 2014, 09:461 like 1 like

The Target breach has undoubtedly acted as a call to action for the US payments industry and has indeed spurred the adoption of EMV and largely silenced the sceptics. But while EMV adoption will radically reduce the growing incidence of face-to-face card fraud, the impact of data breaches will only be substantially mitigated by tokenization being adopted by all 'card-on-file' merchants. If card details are replaced by aliases, which themselves are constrained to usage in a single channel or even at a single merchant, stealing these tokens becomes a futile exercise, but no doubt the hackers will turn their attention somewhere else...

A Finextra member
A Finextra member 26 June, 2014, 15:311 like 1 like

It's right to say that EMV adoption will shift fraud from card-present to card-not-present channels. However, we need to be careful about the expectations that tokenization could reduce e-commerce fraud. In the tokenization framework proposed by EMVCo, tokens are created from the original card data, including the PAN, and revert to the original card data for processing. Some of the proposals to apply this framework will require e-commerce merchants to collect and handle card data including the PAN. If the card-on-file database is converted to tokens, it may present less of a risk, but as we saw with Target, the point-of-sale infrastructure can be breached to capture card details as consumers present them.