EMV chip card controversy puts IT services firms in the middle

Posted by Mike Vizard on Aug 11, 2016 9:29:47 AM

emv_chip_card.jpgIt’s fair to say that the transition to credit cards using chips in the U.S. has not gone nearly as well as planned. Based on technologies jointly adopted by Eurocard, MasterCard, and Visa (EMV), so-called (EMV) chip cards are designed to cut down on the number of instances of credit card fraud. But issues slowing down usage of chips on these cards span everything from the cost of upgrading a point-of-sale (PoS) system to the length of time it actually takes to get those systems certified for use.

While PoS systems have long been profitable endeavors for IT services providers that serve retail customers, many IT service providers now find themselves caught in a wave of recriminations being hurled back and forth between retailers and the credit card issuers.

Home Depot, Walmart, and Kroger have filed lawsuits alleging that the security of the EMV PoS systems in inherently flawed. That’s a major issue because now the credit card issuers are holding retailers accountable for any fraud committed using these systems by enforcing chargeback costs the retailer has to absorb. To make matters even more interesting, hackers at the recent Black Hat 2016 conference showed how EMV PoS systems could still be hacked.

Challenges of EMV chip card adoption

In the meantime, the National Retail Federation (NRF) recently released a study conducted by Forrester Consulting that finds that 86 percent of the retailers surveyed expect to implement EMV chip cards by the end of 2016. A full 76 percent of those retailers cited EMV chip cards as being their top payment challenge in the past year.

Learn more about PCI DSS compliance and data protection

EMV chip cards are now managed by EMVCo, a consortium that in addition to Europay, MasterCard, and Visa now also includes JCB, American Express, China UnionPay, and Discover. Savvy IT service providers that specialize in PoS systems have known for some time now that EMV initiatives are fraught with technical, legal, and economic challenges. While most everyone wants more security intelligently implemented, there’s little consensus on how to achieve it. Moreover, there’s absolutely no consensus on who should be held liable for fraud when that security fails.

To make matters even more interesting, the NRF has asked the Federal Trade Commission (FTC) to investigate whether the security requirements the credit card industry has put in place in the form of the Payment Card Industry Data Security Standard (PCI DSS) are in fact a violation of antitrust regulations.

Navigating chip card politics

There may come a day when advances in technologies such as blockchain or other forms of ledger technologies promise to make chip cards much less relevant than they are at the moment. For now, however, it’s worth noting that chip cards are already widely employed in Europe. That would suggest that the issues in the U.S. may have more to do with process and politics than the actual technology.

Naturally, IT service providers should show some sensitivity to both sides in this ongoing dispute. Neither side is necessarily completely wrong, but the process through which some form of consensus might one day be achieved is certainly bruising for all concerned.

Barracuda MSP blog

Photo Credit: Ben Watts via Flickr.com. Used under CC 2.0 License.

Topics: IT Services Trends

Which Data Loss Gremlin Is Targeting You
MSP Health Check
MSP Phishing Quiz
Intronis Local Lunches
MSP Marketing Assessment