When major card networks revealed the EMV chip card liability shift timeline four years ago, the Merchant Advisory Group was quick to make its stance clear: A conversion to chip cards won't mean a thing without a PIN authorization to go with it.
On the eve of the liability shift Oct. 1, a date in which merchants not able to accept chip-based cards absorb costs associated with counterfeit fraud at the point of sale, the MAG is still trying to make its voice heard.
The long-awaited conversion to chip cards seeks to replace magnetic-stripe technology on the back of cards, which fraudsters find easy to steal and duplicate.
"We've been sort of shouting in the dark for a long time," said Mark Horwedel, CEO of the MAG. "But I think the messages are finally starting to sink in a little bit, and we'll eventually see a move to PIN."
That move would come in place of chip-and-signature, the technology most issuing banks are embracing for the U.S. migration.
Visa Inc., in particular, has supported signature as a way to decrease costs, quicken the pace of the EMV migration, and not alter consumer credit-card habits when already asking them to stop card swiping at the point of sale and change to dipping chip cards into readers.
"We are not buying the networks' line that this is in the best interest of the consumer," Horwedel said during a media conference call. "We know the public prefers PIN."
The MAG has emphasized a few key points during the EMV migration process and hasn't wavered from its stance along the way.
In addition to the major complaint against chip-and-signature, which means a fraudster could still use a stolen or lost EMV card to complete a transaction, the group contends the networks gave the U.S. less time to prepare [four years] than in other countries. The MAG says Canada had seven years to prepare in a far smaller financial market.
U.S. merchants also were put behind schedule by the lingering EMV debit routing issue, a debate over who would provide and govern the technology needed to comply with a Durbin amendment routing network mandate.
"The networks failed to deliver debit specifications early enough for many to get converted over, yet they picked the Oct. 1 liability shift date before they even knew how they would deal with debit," Horwedel said.
While EMV is a security tool to address counterfeit fraud at the point of sale, the payments industry has not developed strong security measures for e-commerce, where fraudsters are certain to attack, Horwedel added.
Thus, the MAG's overall view of EMV is that merchants are paying up to 75% of the costs to adhere to the liability shift, but also likely to deal with even more fraud overall if they also have an e-commerce presence, an arena in which they already pay a premium to accept online card payments.
The tension between merchants and the major card networks dates well past the announcement of an EMV migration in the U.S., with much focus on hefty interchange costs and Payment Card Industry security standards compliance and accompanying fees.
"Some merchants and groups will criticize anything that has a cost associated with it," said Heartland Payment Systems CEO Bob Carr in a previous PaymentsSource
But merchants have good reasons for their discomfort with the card networks, Carr said.
"I think the card companies are their own worst enemies because they make outrageous profit margins, which is public information," Carr said.
When merchants having trouble making 10% profit margins are "paying outlandish amounts of money to a card organization making a 58% profit margin, they are going to be angry," Carr added.
Unfortunately, it has created an industry in which too many merchants have "a knee-jerk reaction" to every measure or technology being proposed, Carr said. "Some of it should be getting serious consideration," he added.
From Heartland's standpoint, EMV represents "a very good solution," Carr said. "The bad guys cannot get the card numbers and security codes. Plus, why everyone is not encrypting all of the data all of the time, I just don't know."
Stephanie Ericksen, vice president of risk products for Visa Inc., said the card brand is forecasting that 63% of all cards will be EMV by the end of the year.
Ericksen sees that number rising rapidly moving into 2016 and feels merchants of all sizes will get on the EMV wagon before long. For some small merchants, the conversion to EMV will result in better security at minimal cost, plus possibly a better processing contract, Ericksen said
In addition, the liability shift won't create a frenzy of fraud and leaving merchants holding the bag on every single transaction that results in a chargeback.
"Most issuers don't charge back for counterfeit fraud for less than $25 or $35 because the cost of the chargeback is more than that in terms of processing," Ericksen said. "Some merchants may not be charged for all chargebacks in their stores because the issuer is going to look at the economics of the operational costs."
Ideally, a retailer wants to authenticate with a PIN on higher-value transactions, said Liz Garner, vice president at the MAG. "The decision to not put PIN on these types of transactions is not about better payment card security," Garner said.
Plus, Garner added, studies have shown that millennial consumers favor the use of PINs, countering the networks' contention that consumers don't like the extra security code.
Essentially, a best-case scenario for all might be for issuers to pick up liability costs for low-value transactions, chip-and-signature to take place for those up to maybe $300 and the PIN being needed for any transaction above that threshold.
But the payments industry seems to be stuck in a mode similar to the current political atmosphere in Congress. Striking a compromise deal doesn't seem to be in the payments cards.
"There is always talk about something better, maybe biometrics, to replace PIN," Horwedel said. "But there is no timeline for that, and it's all still in the development stage."
Still, the MAG feels "there is some movement on the banks' side" to move the EMV chip migration toward adding PIN authorization, Horwedel said. "We think maybe the card networks have to be embarrassed into finding out [that PIN is the best option]," he added.
