This report reviews the entire card payment process and the mystery around the processing of credit cards and debit cards; “Where there’s mystery there’s margin.” Further, we review the PCI process and provide insight into the numerous data breaches of the last 2 years. What caused them? Why is PCI only done as an event and not a process (hint: overwhelming cost)?
Next we explain what EMV is, why it is different in the US than the rest of the world and why we believe it will be a disaster when rolled out in October for most of retail.
Then we look at the readiness of the different stakeholders in the process and the great disconnect between what people expect the impact on transaction speed is and what the reality is. (It ain’t pretty).
After this we talk about how EMV is only part of a security solution and really the least important for where retailers want to go and then recommend a better way.
We end with recommendations for retailers, vendors, and consultancies as to how to approach EMV.
Format: SlideDoc - Can be read as document or used as presentation format.
Table of Contents
Summary of Findings
i.. Total Card Revenue vs Fraud
ii. ROI Calculations
1.0 The Payments Process
1.1 Pitfalls to PCI Process
1.2 Frustrations of the Breaches
2.0 EMV is Coming
2.1 Promised Benefits
2.2 EMV in US – Why s it Different?
2.3 Current Retail Readiness
2.4 The Elephant in the Room
2.5 What About the Consumer?
3.0 Vendor Readiness
3.1 Many Vendors Will Not Be Ready
3.2 Vendor Cost for EMV – Someone Has to Pay
3.3 Cost Per Application
4.0 The Great Disconnect
4.1 Transaction Delays for Core Standard POS
4.2 Transaction Delays for Mobile POS
5.0 Why EMV Is Only Part of Solution
5.1 EMV Will Not Stop Security Breaches
6.0 A Much Better Way
6.1 Protecting All Transactions
6.2 Special Considerations for Online Transactions
7.0 What IHL Recommends
List of Figures
Figure 1 – Average 3yr Return for $1B Retailer
Figure 2 – Total Card Transactions/Card Fraud/EMV Cost
Figure 3 – Return on Investment (ROI) Calculations for $1B Specialty Store
Figure 4 -Data Security as Percentage of IT Budget
Figure 5 – % of Data Security Budget Taken Up by PCI
Figure 6 – How Most Critical Vulnerabilities Can Be Mitigated
Figure 7 – Payment Security Readiness by Retailers by Technology
Figure 8 – Current Readiness for EMV of Payment Ecosystem
Figure 9 – When Will Vendors Be Ready for EMV By Application Type
Figure 10 – Vendor Costs Per Application Type for EMV
Figure 11 – Average Cost Per POS Application for EMV Change
Figure 12 – Impact on Transaction Speed for Traditional POS
Figure 13 – Impact on Transaction Speed for Mobile POS Transaction
Figure 14 – Why EMV Only Part of Solution
Is EMV “Chip and PIN”?
No, although it is used synonymously with the term EMV much the same way Xerox is used for copying or Coke for soda, EMV as it is being deployed in the US does not include a PIN. Consumers can request a PIN, but the standard deployment is currently planned to be Chip and Signature which will require a signature like cards today.
Why is EMV Different in the US?
That is a great question. The main answer comes down to that the average US adult has 5-7 different Visa or MasterCards on their name. The belief from the 1,200 issuers of these cards is that consumers will limit their use to only a few if a PIN is required.
Does this study look at the costs of EMV for retailers?
Yes, not only do we discuss the hard costs, but also the additional soft costs of additional labor due to longer lines and lost cards.
Can I share this study in my company?
Yes, if you purchase the Enterprise License you can share this with your company.
Can I share this study with partners and clients?
Only if you purchase the Distributable License Option.
Can I quote this study in my presentations and press releases? In most cases this is fine for charts and quotes to be used in presentations but we ask that you run it by us first at ihl(at)ihlservices.com. Typically things shared in percentages (ie. this is 20% increase) then that is fine.
Was this a survey or a paper?
A little of both. There are actually 3 different primary research studies combined into the data presented as well as external data. Two studies surveyed retailers, and one surveyed POS Vendors and their readiness.
Can I get access to the analysts who wrote or partnered in the study?
Yes, one of the core differentiators of IHL Research Studies is that included in part of the price is up to 30 minutes with the analyst to ask follow-up questions or dig further into any assumptions. This does not extend to getting more data, just better insight into how we arrived at the data and came to the conclusions from that data. Simply contact us at ihl(at)ihlservices.com or +1.615-591-2955
Single User License – a lower priced license that is designed for use for a single user, not to be shared internal with other users or externally to partner, customers or other parties.
Enterprise License – a license that allows for the research to be accessed and shared internally with anyone else within the organization and wholly owned subsidiaries.
Distributable License – a license that allows for the company purchasing to distribute content to customers and potential customers for lead generation activities and potential institutional investors. This does not extend to sharing with other partners or individual partners. The research must be located with gated access and not posted on open websites.
IHL Group License and Fair Use Agreement
All of IHL Group’s generally available research are electronic licenses and are limited by the license type chosen for purchase. For Single User Licenses this means that the person buying the research is the only person to use the research.
For Enterprise Licenses, these can be shared freely within the company. We only ask that this information not be shared with partners or others outside the purchasing company without authorization from IHL Group. The license does not extend to joint ventures or other partnerships. If the relationship is not a wholly-owned subsidiary, then both parties would need a license.
Practically, this implies the following:
- The purchasing company can use the data and research worldwide internally as long as the international organizations are wholly owned subsidiaries of the purchasing company.
- The data or any research cannot be distributed in whole or in part to partners or customers without express written approval from IHL Group.
- The purchasing company may quote components of the data (limited use) in presentations to customers such as specific charts. This is limited to percentage components, not individual unit information. Unit data cannot be shared externally without express written approval from IHL Group. All references to the data in presentations should include credit to IHL Group for the data.
- The purchasing company can reference qualitative quotes in printed material with written approval from IHL Group.
- All requests requiring written approval should be submitted to ihl(at)ihlservices.com and will be reviewed within one business day.
For Distributed Licenses, if applicable, the research can be shared with prospective customers and potential institutional investors. It cannot be shared with partners or other vendors who should be purchasing their own licenses.
For any questions regarding this policy, please contact us at 1-888-IHL-6777 (North America) +1.615.591.2955 (International) or email us at ihl(at)ihlservices.com.