Another company's comments on US migration to EMV

What you get out of this article depends a lot on who you are, what previous exposure you’ve had to EMV, its adoption outside of the US, and any inside knowledge you may have about the major players who will influence EMV adoption inside the US. One thing I’m sure of, no matter who you are, is that you don’t know everything. At best, you’re able to make only an informed prediction, as to the when and the how. Something you can be more sure of is that EMV is coming. Even this isn’t certain, but absent of worldwide economic financial collapse, global thermonuclear war, or judgment day, it’s a pretty safe bet.

Why is it a safe bet? Is it because Visa and MasterCard said so? Well, not in isolation, but those mandates they’ve published are a pretty good indication. It is a safe bet because:

• Much of the world has already migrated (Europe, Australia, Japan, Middle-East), and its been going pretty well there.
• Fraud navigates through the path of least resistance.
• Its just plain better than the pervasive technology used today.

Remember your desktop computer? Remember your CRT monitor? Your cell phone that could only make and receive calls? That’s analogous to what the US is using today in terms of card-based transactions. I’m from the US, but I’ve travelled a lot internationally, and I’m tired of the looks I get from retail staff when I’m abroad and present my non-chip card for payment. It has been rare that I can’t eventually use my card, but frequent that the clerk I’ve gone to has to go find someone else on staff who is a bit long in the tooth and remembers these antiquated mag-stripe cards that this American has, and how to process them.

What is EMV? That’s a big topic; too big for this little article. You probably already know where the name comes from. If you’re from the US and have never had a passport, you may not know what Europay is, but don’t worry, you’re isolation has served you well, and you no longer need to know, because it no longer exists as a separate entity. That’s actually a good clue that EMV is not a new technology. It has been around a while, and the technology its founded on has been around even longer. I’ve been in payments for 20 years, and there aren’t many of those years that didn’t involve EMV, or at least its smart card predecessors. If you want to understand more about the internals of EMV, Google is your friend, and much of the documentation is freely available. There’s a level of acronyms and technical terms you’ll need to know and understand to have a basic understanding (a starter list might be VSDC, m-Chip, cryptogram, ICC, and NFC). If you want to know more, or are involved in application development anywhere along the payment value chain, there’s a lot more (SDA, DDA, fDDA, ARQC, ARPC, ISR, AID, and on and on).

The payment industry is filled with standards. We’ve got ISO this, ANSI that, PCI, and the list goes on. The problem is that with most of these so called standards, they end up, in practice, being somewhere between a standard and a framework. They have many options, many “flavors”, customization, and they evolve over time. EMV is such a standard. In addition, consider that the US is a market, not an entity. The way in which that market chooses to migrate to EMV is going to be a blend of how all the individual entities within that market choose to migrate to EMV. It won’t be a total free-for-all; there are committees and special interest groups that are helping to steer the migration, but it still won’t be a one-size-fits-all situation. This isn’t a green-field environment, but rather a mature market with well established players. Those players have vested interests, and what one Issuer chooses to do won’t always be the same as what another Issuer chooses to do. This is the same all along the chain. Card schemes, debit networks, processors, merchants, and the lowly card-holder, all have their own drivers, and will make different decisions to a varying degree within this overall EMV framework. And what does this mean in the end? It means that there isn’t a whole lot in EMV you can categorically ignore, unless you are somehow working within a very limited scope.

I like quotes, and I find Latin quotes seem somehow more insightful. So, I’ll summarize my comments here using two I’ve encountered over the years:

1. Malum consilium quod mutari non potest. – “It is an ill plan, which cannot be changed.”
   The way in which the US migrates to EMV will not be homogeneous, and it will evolve. You, your business, and your IT will need to be flexible, and adaptable to change.
2. Leve fit, quod bene fertur, onus. – “A burden well carried becomes light.”
   The migration to EMV is a big thing. It won’t be too long before we (in the US) regard our current mag-stripe card technology as we now regard those briefcase-sized cellular telephones we had not so many years ago. IT-based businesses should consider investing in new tools and new technology, in order to better adapt to this changing landscape.