MasterCard Clarifies Its EMV Plans, Paints An EMV E-Commerce Future

Tools

MasterCard has clarified its EMV push policies, saying its campaign will be focused solely on direct data breaches (as in a wide-scale attack on servers stealing millions of card numbers). Its second campaign will deal with individual fraud (as in consumers losing their cards and someone finding them and then running up charges).

But the number-two card brand also spoke of a near-term future where E-Commerce will be able to use the EMV chip to authenticate and process E-Commerce and M-Commerce transactions. However, will consumers pay more for laptops that can handle such security? And will tablets and smartphones—which can more easily and more cost-effectively handle such technologies—grow quickly enough to make desktop/laptop enhancements irrelevant?

A key part of the new MasterCard plan, which is very similar to a previously announced Visa plan (other than MasterCard embracing PIN and Visa preferring to avoid PIN), deals with two programs. The first, called MasterCard ADC (Account Data Compromise) relief, is slated to start in October 2013 and complete in October 2015. That program requires a retailer to use EMV contactless-and-contact terminals for 75 percent of all in-store transactions. (The card brand actually said all transactions, later clarifying it to mean only in-store, which reveals more anti-E-Commerce prejudice than MasterCard intended.)

The ADC incentive is that it will shift the cost of data breaches—including the cost of reimbursing issuers for distributing new cards and the cost of unauthorized transactions—to the issuers, said Colin McGrath, the MasterCard VP for U.S. market development. It will do so halfway (50 percent) by that October 2013 date, and it will reach 100 percent relief two years later.

The next program, called the MasterCard liability hierarchy, deals with all of the other types of fraud, including where consumers lose a payment card and someone finds it and then runs up charges. That program is sort of a seesaw, where the question of whether the retailer or the issuer pays the freight gets influenced by which side has, in MasterCard's view, the better security. This gets into the PIN versus signature issue, with MasterCard using this incentive to push retailers and issuers to embrace PIN.McGrath also spoke of an E-Commerce future where EMV is used to authenticate online transactions and referenced a deal MasterCard announced in November 2011 with Intel, in which the chipmaker will add in a wide range of security capabilities—including the ability to interact with EMV chips—in future hardware.

He argues that some of these equipped systems may not need any add-ons—such as a USB device into which an EMV card could be inserted—and would simply wirelessly detect and interact with the card or the mobile device. "It may not require the consumers to adopt anything," he said.

Adopt something? Maybe not. But agree to pay for higher priced hardware? Almost certainly. Unless someone such as MasterCard chooses to highly subsidize the enhanced hardware (quite unlikely), the cost is likely to discourage purchases. Indeed, there are many who question how many years of useful life desktops and laptops have, in an increasingly smartphone- and tablet-oriented world.

On the plus side, E-tailers are unlikely to need to do a lot of expensive changes to accommodate these authentications, as opposed to in-store efforts to deal with mobile coupons and mobile CRM. The in-store challenge is that they can't wait until enough consumers have such functionality. Processors will make the acceptance of these authentications simple. The question is whether any consumer transactions will be using them for years. Most likely, in-store mobile transactions—using one of the many wallet applications (Google Wallet, PayPal, ISIS, maybe Apple) with secure elements—will make it academic.

All of this, though, is aimed at pushing retailers to have a reason to upgrade their systems to accept EMV. Many retailers are resisting, and for good reason: there's not much of—OK, almost any—economic ROI justification for paying for such upgrades. This is triply true because many chains have recently upgraded their systems and a slight reduction in PCI paperwork is hardly a game-changer.

Actually, there is a reason for most chains to strongly consider moving to these EMV-friendly terminals, and it has little to do with Visa or MasterCard and certainly not with PCI. Mobile purchases are going to soar in 2012, and chains are going to want to facilitate those as aggressively as possible. Given that mobile wallets are generally using EMV, it will be consumer demands that will push the EMV terminals.