Analyst Corner

Stupid Is as Stupid Does – EMV Mess

Categories: Uncategorized

There is an old saying, “Pigs get fat, hogs get slaughtered.”  There is no hog more deserving to get slaughtered in the retail landscape than the merchant/acquiring banks in the US PCI/EMV debacle with Visa/Mastercard/AMEX.

As we all know October 1st was the deadline for the EMV mandate in the US for most retailers.  As we stated in our research EMV: Retail’s $35Billion “Money Pit”, the solution mandated by the card brands and the banks is not security at all and simply forces a tax on retailers.  It slows the transaction 3-8 seconds and doesn’t even validate that the user of the card is legitimate card user.  And does absolutely nothing for online or mobile fraud.

So it’s not surprising that only 6% of merchants made the mandate deadline and according to the latest research released at the NRF show, only 8.5% of merchants are EMV ready now.

But it is the stories from frustrated CIOs we heard that are the real kicker.

When banks sent retailers that were not EMV compliant the bills for fraudulent transactions as promised, they sent every single chargeback…even the ones the guidelines say the retailers were not liable for!  Lost and stolen cards are not supposed to be charged to the retailers for fraudulent transactions.  So for instance, if I stole your chip card and went to store and used…that is a legitimate card, but I’m not a legitimate user.  EMV as implemented as chip and signature would not catch me doing if you had not reported it lost or stolen yet.  But because of greed and/or laziness from the banks, all of these charges are being passed on to the retailers.

This has caused a problem…retailers need an audit trail of the card information to fight the charges from the bank.  So what is logically happening?

Retailers are actually having to store Track 2 data for the only purpose to have an audit trail to go back and fight the merchant and acquiring banks.  Thus, the original intent of retailers not storing Track 2 data, which was what the PCI guidelines were all about and then EMV…the banks are actually creating the issue that is making retailers a continual target for data breaches and stolen cards.

If it sounds like I’m pissed off about this, you are absolutely right.  This is just stupid and completely based on greed from the banks and card brands.  And it’s killing real security and swallowing crucial budget that retailers need to create a better experience for shoppers.

And payments solutions comprise an industry that is ripe for disruption.  Whoever comes up with a payment solution that is faster and cheaper for retailers will own the payment space. In Africa and India, the cell phone carrier is the credit/debit card.  I’m openly rooting for Verizon, AT&T, T-Mobile, Sprint to get into the payment space.  If they do and are smart enough to come in with a faster and cheaper solution, we will have Uberization of the banks….and they deserve it.