Last week U.S. House Small Business Committee held the second part of a hearing entitled “The EMV Deadline and What it Means for Small Businesses,” which was supposed to address payment security in the United States.
Instead of providing Congress with useful information about how to help small businesses protect consumer data, large national retail associations used the hearing to push for a “security” solution - PIN - that wouldn’t have done anything to stop the breaches at Target, Home Depot or Michaels and won’t have a meaningful impact on overall payments fraud.
Lost in this charade was the fact that the migration to EMV chip cards and the activation of chip readers by merchants is a critical step in further improving consumer protection. We’ve already seen tremendous progress; 60% of cards are expected to be chip-enabled by the end of the year, and half of all chip payment volume is coming from small businesses.
But retailers have spent so much time drumming up false arguments related to PIN that they’ve barely given any thought to the EMV migration itself. During the hearing, when given the opportunity to recommend ways in which the transition to EMV could have gone smoother, one merchant witness could not offer up a single suggestion.
If they did spend time studying the issue, they would know that EMV isn’t just about protecting consumers - it’s also about protecting retailers. Not only do EMV chip cards make it nearly impossible to make a purchase using a counterfeit card, if a merchant turns on their EMV reader, they aren’t liable for any fraud in their store, including the small amount which might result from criminals using lost and stolen cards.
While EMV can stop criminals from using counterfeit cards, a lack of any security standards among merchants means that consumer data is still vulnerable to hackers. The payments industry adopted common sense data security standards over a decade ago, but protecting the entire electronic payments ecosystem requires everyone to do their part.
The hearing is clear evidence that retailers are more interested in using security as a political football than in having a real discussion about adopting meaningful security standards. Such standards could put an end to the retailer data breaches that have led to the theft of tens of millions of U.S. consumers’ personal information.
Molly Wilkinson is executive director of the Electronic Payments Coalition.
