Category Archives: contactless

Cartes 2014, Paris

watchdata-sharkey-460wThe 29th edition of Cartes in Paris has been a strange old show. Meeting friends old and new is still an integral part of this annual calendar marker, but the show itself seems to be evolving into something new. Previously we’ve seen a market place, busy stands full of the latest tech demos and enticing you to rollout a new way of paying. 2014 is a different show – noticeable big exhibitors absent; card networks running only a series of meetings rather than demonstrating their latest ideas; a new zoning concept grouping supposedly like businesses together and creating a changed flow of people. It is also a show that demonstrates in the most marked way the ongoing shift in the cards business.

Traditional POS manufacturers and their imitators are thin on the ground this year, replaced by a bevy of mPOS device providers with their Bluetooth battery life claims and acquiring apps for any mobile device. Most of them seem to be looking for a first customer for their black plastic box (often with a blue LED) before gaining the certifications demanded by the industry. And this is one of the indicators of our changing playground – many new players ‘having a go’ at doing things that seem simple without realising that there is significant investment ahead of them to become compliant and interoperable. Where this was a barrier before, the much clearer certification paths created by years of refinement and a growth of managed services in this area mean that help is at hand and a budget for the next step is more definable.

A second focus has been the re-form-ing of cards. Much talk of M2M and the Internet of things and how will the traditional model morph to meet the challenges. There are lots of discussions on the security aspects of these devices – how to tie the required credentials into open devices with out creating open wallets for thieves to plunder. There are creative, new (and old-fashioned) solutions on how to let your fridge automatically pay for groceries at your online store – and a bigger discussion on if the cards infrastructure can really support the varied authentication methods coming into being.

And finally, for me the star of the show, Watchdata’s Sharkey smart watch. Yes, it looks like the love child of ICE watch and Google Gear, but the concept it outlines is one that we’ve all been waiting for since the earliest concepts of watch payments nearly 20 years ago. Essentially it is a smart watch with secure element and ISO 14443 contactless antenna (just like the upcoming Apple Watch) but what differentiates this is the ecosystem that is being built around it. The watch can house multiple contactless format applications such as traditional payment schemes, but also transit applications and many others yet to be invented. The fundamental principle is that I can load on digital versions of my existing apps – payment card, city transit pass, eID – and then if I travel, I can load on local applications such as the local transit pass, a local currency prepaid card or even event passes and etickets. The watch then becomes the form factor facilitating my interactivity, but linked to the outside world through a short secure Bluetooth connection with my phone, tablet or PC. It resolves the open connectivity issue with using a mobile for payments and takes away the ‘get it out of your pocket’ conundrum that makes mobile such a bad form factor for paying. Best of all, it answers the age old question – wouldn’t it be cool if your could pay with your watch?

Microtraining: EMV in Three

As part of my role as an EMV Evangelist, I’ve produced ‘EMV in Three’, which is essentially all you need to know about EMV in less time than it takes to make a coffee. Please feel free to share this microtraining with your friends and colleagues!

The great interoperability myth

BabelfishA question I’ve been asked many (many, many) times about payment cards is why do we keep old acceptance components on the card once we’ve migrated to EMV? For most you should read this as ‘why keep a magstripe?’ but it could equally be ‘why have embossed numbers?’ and ‘why have the PAN written on the card?’. There is a simple answer for these, but also a much more complex discussion.

First of all, the simple answer. As markets don’t all move to new technology at the same pace (re: US EMV migration) in order to ensure that one type of card can work everywhere, older interfaces are retained – this is called interoperability, or the ability for cards to work in infrastructures at different technology levels. If you were a mathematician, you’d call this working to the lowest common denominator. If you’re a banker it means that you’re making a risk-based decision to offer transaction availability (convenience) over fraud risk (security). It also means that MasterCard (and/or Visa, Amex, Discover, CUP, JCB…) can truly claim that the same card can be accepted at more than 35.9million locations worldwide [here] and talk about lots of other big numbers.

For the vast majority of cardholders, global interoperability is an unnecessary luxury as they will never use their cards in a face-to-face transaction beyond their own national borders [here], and of those adventurous types travelling, most will only reach neighbouring countries or travel within a region. This is why the first EMV terminals deployed in the US were on the borders of Mexico and Canada. It’s also why Belgium’s banks can happily close off acceptance of their Maestro cards beyond the borders of Europe as it affects only a minuscule percentage of their cardholders.

However, one of the additional reasons that we retain the magstripe on EMV cards is because the banking industry has used it for other things – the primary one being accessing an EMV-enabled ATM. Typically EMV-enabled ATMs use motorised readers and ‘swallow’ the card so that it is held in the reader during the transaction. To stop those of an adventurous nature from trying to shove other things into the card reader, such as library cards, bus tickets and anything by Panini, these readers have a small gate just inside that is triggered by presence of, and reading the first character of the bank card’s magstripe. Although we’re seeing first examples of non-motorised, separate readers from EMV cards in the Nordics, they’re not widespread. Other examples of magstripe usage include easier card orientation, entrance to bank vestibules, transaction fallback and locking mechanisms on hybrid dip readers on some POS terminals. This is all interoperability on a smaller scale.

Finally, legacy card data interfaces such as magstripe, PAN printing and embossing remain as the schemes/brands that manage global card franchises insist that they do so. Interoperability plays a large part in their USP – why use domestic debit when our debit works here, here and here as well! This is at least until the US EMV migration is complete as these US-based organisations are reluctant to kill the tool that is most prevalent in their home market. So a laser-printed, chip-only card for international use is still some years away as a mass market product. And herein lies the fundamental problem with the four-party cards system, as the Issuer and Acquirer may be on significantly different acceptance technologies and so the more advanced issuer has to ‘dumb down’ or face non-acceptance. All of this means that interoperability at a global level has a place, but we all pay for the benefit of a relatively small number of cardholders to be supported. So yes, interoperability makes sense, but should it really drive risk management in the way that it does?

Having the right change is wrong

cash is brokenNine years on from the tragic bombings that rocked London, Transport for London (TfL) have decided that the time has come to give a better reason for 7 July (7/7) to be remembered – the day that London’s buses went cashless (here).

The success of London’s Oyster contactless ticketing system (here) and the introduction of contactless banking card acceptance on buses just over a year ago (here) has increased the fall of cash usage below the 1% of passengers mark and allowed TfL to become a cashless transit system at the point of usage. The transit authority believes that it will gain significant savings by no longer accepting cash – particularly cash handling and service efficiency gains. This has been made possible by the legal tender laws in the UK and the right for a merchant to decide how they wish to be paid.

Contrary to popular belief, shops or individuals do have the right to refuse payment in coins or notes, even legal tender ones, before a transaction has taken place, and to demand payment in whatever form they choose. However, when the debt has already been incurred (which, under the concept of ‘invitation to treat’ the vendor has already supplied a good or service prior to payment), then they are obliged to accept settlement of that debt in legal tender currency up to the amount authorised in law (which in the case of £1 coins, is unlimited). – Chard legal information

This is in stark contrast to the legal tender recommendations created for the Euro currency (here). While these recommendations are not European law (i.e. not a Regulation or Directive), they would be taken as the start point for any case of dispute that was taken to the European Court. Primarily of interest has to be the opening point of the recommendations:

Where a payment obligation exists, the legal tender of euro banknotes and coins should imply:  (a) Mandatory acceptance: The creditor of a payment obligation cannot refuse euro banknotes and coins unless the parties have agreed on other means of payment.
– ELTEG recommendation number 1

Which means that potentially a customer could insist on paying with Euro cash even when the merchant states that they no longer accept it, as refusal of cash requires agreement of both parties. To date, examples such as Dutch retailer Van Gastel (here [in Dutch]) are meeting with strong public acceptance, but can you imagine the same thing happening in more cash-loving markets such as Germany?

So it means for now is that we have a British example of the future analogue cash-free society and there at least is seems that the law is on the side of progressive electronic payments and the gradual removal of the criminals’ friend – cash – and of course TfL no longer spending tax payer’s money on stickers saying ‘Correct change only’.

in2payments on Rebelmouse

If you want more information on the payments world, but are afraid to ask, don’t fear – in2payments live is now available on Rebelmouse to bring you all the latest news stories and tweets from across the web. Click the link below or the Rebelmouse button from our homepage.

Buying a hypercar for the school run

bmw 300 A friend of mine in Belgium owns a beautiful BMW M5, capable of doing nearly 300km/h if de-restricted. The national speed limit is 120km/h. He doesn’t go to track days, but he does drop his kids off at school each day and they certainly arrive in style. He says that he owns it for the thrill of the acceleration and performance, but to be honest he could have spent a whole lot less and got himself an Ariel Atom (here) and made the kids walk to school. Or moved to Germany.

Why am I telling you about this in a payments blog? Well I’m here in the States at the SCA Payments Summit in Salt Lake City listening to the latest info and thoughts on the US EMV rollout. The International Brands, Visa; MasterCard; Discover; AMEX; have all reiterated their liability shift timetables and so come October 1, 2015, those not compliant in the US will become liable for any fraud. Yay! Issuers are already putting EMV chip cards into market – starting with their high transactors first (here) – and merchants such as Wal-Mart are already switching on EMV acceptance capability in high tourist areas. This is all great news and very promising as the migration gathers pace. There is however one flaw – and here we go back to my friend’s BMW…

While others are openly explaining that Chip with PIN is the most secure option, Visa continue their declaration that the US should be a Chip and Signature market – merely mimicking the current magstripe environment but on EMV cards. Visa is telling card issuers to buy a hypercar for the school run – getting a huge leap forwards in technology and security possibilities, then running it in first gear. I’m not going to speculate on the reasons why here, as there are a few possibilities to do with business model, pragmatism and blind faith in the current system. However, what is clear is that this advice isn’t good for the long term future of the market. US Issuers should be encouraged to do as much as possible in the first instance to build systems that take them forwards instead of spending the estimated $11bn cost of migration just to stand still.

It’s fine to have a minimum standard, but it just won’t bring the intended benefits to the market if the majority only achieve this baseline. Furthermore, merchants understand the value of PIN. They understand that signature has near-zero value as a cardholder verification method (CVM) and certainly doesn’t stand up in the chargeback process. They also understand that in chip-on-chip transactions (which will be about 40% of volumes come liability shift) signature is not going to help them out much.

Clearly the added cost of offline PIN and the intrinsic difficulties of PIN change that it brings will be a step too far for most Issuers. However, as the majority (if not all) cards will be issued with online PIN for ATM, why not just extend this to POS and make a bold statement to the merchant community – the US will be Chip and (online) PIN with signature fallback because we want to protect transactions and integrity of our payments system. During the tricky migration period, which will last probably until 2021, magstripe fallback will be the norm and so counterfeit will continue through cards with disabled chips and counterfeit magstripe. Signature as the main CVM will not stop this and so the fraud will go on, and on. PIN won’t stop data breaches, but it will greatly reduce the capacity for replay of counterfeited cards into the POS channel.

Merchants are calling for PIN and most processors I’ve spoken to believe that it’s the right option, all they need is a little advice from the International Brands. It’s time to unleash the US’s new hypercar on the Bonneville Salt Flats rather than sitting at 55 on Route 66.

Monetising Mobile Payments

Or why Banks are REALLY scared of mobile payments

For me, mobile payments began back in 2000 in the innovation area of MasterCard. Using an Ericsson R380 mobile, and a server-based wallet in conjunction with the SET protocol and possibly the most expensive data connection known to man, we tapped our stylus and paid for an item a little under three minutes (yes, minutes). This was the future, this was the next big thing.

Mobile PaymentHere we are now, almost 13 years to the day and mobile payments are still the ‘next’ big thing. There’s been a lot of issues getting mobile payments into the mainstream – some of which are to do with a lack of a strong consumer offer. Some recent initiatives looked promising – the Six Pack in the Netherlands, a similar Belgian initiative, Oscar in the UK, ISIS in the US – but none make it past commercial pilots or more often the initial talks. Part of the reason is that there are a number of misconceptions about the payments world, which mobile players trying to enter the market naively accepted as truth – not in the least helped along by regulators claiming that the payments world was awash with transaction revenues.

Take for example a 100 EUR transaction made with a credit card in Belgium. It will cost the merchant around 2,20 EUR to accept. This fee is the Merchant Service Charge which is composed from the Acquirer’s 3-4% margin plus fees to cover all other aspects of the transaction, which are passed through to other players through the transactional model. The most visible of these is interchange – which is a balancing fee sent to the Issuer of the card to compensate them for providing the card and account to the cardholder. In our example this results in a net revenue for the Issuer of around 90 cents. From the money that they receive, they will fund transaction processing – either on internal systems or more usually today with a third party processor such as SIX card, ATOS or First Data. The cost for this would be around 6,5 cents per transaction. This leaves the Acquirer with around 60 cents revenue to pay their costs and provide margin.

However, all three of these entities will then pay a substantial fee towards the payment scheme – typically MasterCard or Visa – which amounts to around 65 cents in our model. Proposed European legislation on interchange will reduce the Issuer’s revenue to 0,2% of the transaction value – a cut of around 70 cents in this model. However, it is unlikely that the Merchant Service Charge will reduce by this amount.

Recent years have also highlighted the continuing issues that Banks have with customer intimacy, lost during years of increasing automation of Bank process rather than customer engagement (here) yet they retain a reluctance to allow others to provide that intimacy. A word that is used often in the industry is ‘disintermediation’ – which means someone else getting in between them and their customers. It created such a fear in the industry that rather than co-operate, they do other silly things.  MasterCard was so terrified of new wallet players that they imposed a fee on funding transactions for deported wallets that isolate the banking world from the actual commercial transaction (and the data that goes with it). This includes people such as Google, ISIS and PayPal.

In reality though, PayPal gross transaction value accounts for only 60bn USD of the estimated 30 trillion USD made in credit and debit card transactions each year, equal to roughly the transaction value in Belgium. The banking world is in reality more fearful of the public perception of PayPal than the reality of it.

Alongside the interchange regulation and a raft of other changes, Europe’s legislators are creating an entirely difficult environment for payment innovation. As well as investigating conglomerates such as the Dutch six pack, the law makers and regulators are also making it particularly difficult for new entrants to obtain the licensing that they need. This puts the brakes on new payment providers once they reach critical mass. Payments is profitable, but it’s hard to enter new markets and harder to get REALLY big. Even players like Google, who have a banking license, have found this a difficult playground.

The key seems to be to stand the current model on its head and forget transaction revenues altogether. In the transaction acceptance world there has been a successful and silent mobile revolution. Although it’s been driven by technology of plugging a device into a mobile phone to create a mobile POS, the revolution was actually in the business model for cards acceptance. Non traditional players such as Twitter’s Jack Dorsey (as Square) and iZettle’s Jacob de Geer and Magnus Nilsson have redefined the market by creating services designed for previously unserved merchants.

In Europe today, 20 million companies do not accept card payments. “These companies are small in terms of turnover, typically they have between 1-3 employees,” stated de Geer in a recent speech. “Accumulated they account for 20 percent to 30 percent of GDP in any European market”.

The reason for this lack of card payments is simple: it’s too complicated. The barriers to becoming an acceptance point are too high. Merchants face complicated applications, fixed fees, long-term contracts and high monthly fees.

But these companies approach the business differently – viewing the transaction as a commodity and seeing the importance in customer experience and the value that can be derived from the data generated by the system. Square is able to know what flavour of pizza is most popular at 3am in the New York Village and can sell that information to a Domino’s franchise looking to open a new store. This is the new reality, payments are now a means of gathering information on transactional behaviour and the costs typically attributed to payments need to be reallocated based on value.

PayPal recently launched PayPal Beacon, a device that works with the PayPal mobile app as a user enters a store and pre-authenticates them at the cash register – giving the merchant a photo if wanted and supplying details on past purchases. This means that there is not even a need to implement NFC to get mobile moving.

Banks are ill-equipped to do what PayPal does. If the future of payments is profit from data, then this suggests that Banks are not currently the future of payments. A Clear2Pay survey in conjunction with Finextra earlier this year showed that over 75% Banks do not currently have the resources, staff or knowledge to deal with the big data that they realise is incredibly important. In short, they are not able to change at the pace the market demands.

This is a space where they need help – and are potentially willing to share revenues to support it – yet after a number of headline failures in banking-telecommunications initiatives, third party appetite may be waning.

Ultimately, the winners in mobile payments will be those that bring real value to Consumers, solve the Banking issue with Big Data, lower costs for Merchant Acceptance while pleasing the Regulators and becoming profitable.

It’s that simple…

Doing something with mobile because…

elephant in the roomThere are a number of generally held perceptions in the executive strata about the future of mobile NFC payments, some of which are true, some of which are most certainly not. Invariably, these mobile truths and myths end up driving projects where the rationale is invariably “we are doing something with mobile because…”

Real innovation in the card payments industry is rare due to the simple fact that it works pretty well as it is. And it does that because it’s evolved over time with a strong focus on ensuring the integrity of every payment while increasing convenience and offering additional features that improve the experience of the cardholder or merchant – NFC for payments actually came into being over 10 years ago. However, the big flaw with this trickling, steady evolution is that the world of commerce has down-shifted, floored the accelerator and is now changing at a rate hard to keep up with. This is where mobile is looking to bridge the gap.

…there are more mobile phones than payment cards

While the statement that there are more mobile phones than payment cards is perfectly true (nearly 7bn versus nearly 2bn), the same could be said for cars (over 1.2bn today and 2bn by 2025) which are typically shared by a number of people meaning that around 3bn people now have access to one. Just because something has become ubiquitous doesn’t mean that it fits the need for payments, as aptly demonstrated by the lack of take-up for BMW’s PayPass-enabled car key. The essential component of a payment transaction is a transfer of value from the cardholder to the merchant in return for goods or services, the reciprocal action to a commercial transaction. In order to find the right token to do this with, currently the card, then we need to examine more closely how cardholders use the tools that they have to perform other tasks.

…our customers expect us to

Expectation weighs heavy on some businesses. In the mobile world they know about expectation with every hotly-followed model launch by Apple, Samsung, RIM, Google et al apparently determining whether these international behemoths will rise or fall. There is a great part to this reason, ‘customer’, which is the only place to begin when creating a new solution. However, there is growing evidence that while consumers are interested in mobile payments, few actually want them, and they do not figure in the rationale for changing banking provider for the vast majority of people.

…if not us, someone else will

For a long while there were many that panicked over the impending overtaking of all payment services by Google and PayPal. To date it hasn’t happened. Sure enough there are many non-bank players that have captured a share of the estimate annual 3.5 trillion electronic payment transactions, but the reality is there’s a pretty big pie to carve up and the losers will be those for which payments was a peripheral business anyway. However, if you do nothing and others expand their services, there is a danger of you losing some customers, but typically with few disruptive players aiming at the full service banking market it is more a risk of disintermediation than total separation.

…it is inevitable that people will pay this way

Consumers have a habit of grasping the most ridiculous of concepts or things, and ignoring the absolute deep-seated logic of a well-constructed product. On the face of it, the electronic purse card for low value payments was a sound invention, yet no implementation could be termed successful. When mobile phones moved into mainstream use, who could have predicted the success of SMS as a service and how it has now changed the way we communicate and the way that language is used. The traditional logic for mobile NFC is sound – mobiles have become an everyday tool and create an interactive environment allowing enhanced transaction security. However, there is growing evidence that the device of choice for banking in many markets is the larger tablet format, with a recent customer survey by ING showing that tablets have overtaken PCs as online banking device of choice and drive consumers to pay bills more on time and reduce time spent in overdraft.

Although the market has settled on the bar format for mobile phone during the last few years, a new format war is about to begin amongst the major mobile manufacturers. Apple, RIM and Samsung have all mooted plans for a big move to the watch format, Google continue their experiment with Google Glass and more wearable devices, all of which take us back to the original concept behind contactless cards and NFC (and mobile) – when the R&D guy at MasterCard in 2001 uttered the immortal words ‘wouldn’t it be cool if instead of a card you could pay with your watch?’ Of course, back then at the turn of the century most people wore a watch – mobile proliferation wasn’t anywhere near today’s levels and telling the time was a matter of looking at your arm and not in your pocket (unlike at the turn of the previous century when people kept their watches there!).

Initial contactless efforts were hence focussed on the watch format – but as the noughties drew to a close, numbers of watches being sold was in decline as consumers looked at their phone instead, and so the associated card genii tried to work out what to do with their huge investment in contactless. The answer, it seemed, was in targeting the device that had replaced the watch – the ever-present mobile phone. And so in 2011 we had ‘the year of mobile payments’, and again in 2012, 2013 and probably next year as well. But what of the humble watch, did it give up its contactless ambitions? Not just yet. There is growing evidence that the wrist-watch is making a comeback as a re-invented status symbol, and as mobile manufacturers return to more wearable formats, your arm may find itself useful again.

Defining the ‘something’

We’re finally seeing some big issuance and acquiring programs in a number of markets globally – and the ongoing battle for customer ownership in mobile payments – but perhaps, as mobiles become more personal, and less likely to be left behind as they are now wearable, the original idea of contactless payments will be the potential next evolution of mobile NFC. So what does this mean for NFC payments with mobile?

It means that there are a few choices ahead of banks looking to deploy something in this area – continue with the traditional format and create something with potential limited consumer lifespan; race to get ahead of the curve and solve the ‘wearable’ problem; or focus more on the increasing use of the tablet format and see how it can be developed further for NFC. Which customer segment or transaction segment to target – closed loop, mass, LVP?

With these choices comes complexity as invariably most banks will dabble with each of these until a standardised solution emerges from consumer-driven preferences. And of course, taking into account the considerations of any solution towards the merchant community and ensuring that both sides of the commercial equation are supported.

Complexity breeds more complexity

Today we have a card. It has embossing and magstripe for certain, probably an EMV chip and potentially a contactless interface – all of which have many variables, but finitely defined in order that they can be fully certified to ensure the integrity of every payment. Even simple implementations of mobile NFC add a new layer of complexity due to the considerable variety of devices, location of the SIM and battery, security of the app or other interface and the open nature of the device. Begin to add more device types and formats and your issues grow.

So how to tackle this estuary of complexity? The first place of course is to talk to your customer base – run ideas through focus groups and ensure that there is consumer desire. Work with merchants to ensure that there will be acceptance once you hit the market. And work with an understanding vendor to help you through the certification process as everything else is a pointless exercise if when your solution goes to market it doesn’t work first time, and every time then your customers will invariably be dissatisfied and your ‘something with mobile’ will be an expensive and potentially embarrassing folly.

First published in Globalsmart NFC & Contactless report 2014 (here)

What goes around, comes around

My watch

One of the nice things about being in the payment industry is that you if you have an idea that doesn’t work today, put it in the cupboard because things might be different in a few years time. There’s a few things that I’ve worked on over the years that were perhaps ‘ahead of their time’ or the macro conditions were not ready yet to launch – after all, payments typically are a reciprocal function of other actions in society such as trade and so are influenced to a greater extent by market acceptance than most other.

Take, for example, the original concept behind contactless cards and NFC – one of my former colleagues at MasterCard in 2001 uttered the immortal words ‘wouldn’t it be cool if instead of a card you could pay with your watch?’ Of course, back then (now over a decade ago) at the turn of the century most people wore a watch – mobile proliferation wasn’t anywhere near today’s levels and telling the time was a matter of looking at your arm and not in your pocket (unlike at the turn of the previous century when people kept their watches there!). Initial contactless efforts were hence focussed on the watch format – but as the noughties drew to a close, numbers of watches being sold was in decline (here) and so the associated card genii tried to work out what to do with their huge investment in contactless. The answer, it seemed, was in targeting the device that had replaced the watch – the ever-present mobile phone. And so in 2011 we had ‘the year of mobile payments’, and again in 2012, 2013 and probably next year as well. But what of the humble watch, did it give up it’s contactless ambitions? Not just yet. Indeed, there is growing evidence that the wrist-watch is making a comeback as a re-invented status symbol (here), and as mobile manufacturers look for the NBT, where is the first place that they run to? Back to the things that they sought to replace (here).

So what does this mean for contactless payments? We’re finally seeing some big issuance and acquiring programs in a number of markets globally – and the ongoing battle for customer ownership in mobile payments – but perhaps, as mobiles become more personal, and less likely to be left behind as they are now wearable, the original idea of contactless payments will now be the next evolution – and the guy at Garanti Bank can also call someone to bring him more pants…

Testing times over the pond

Fluttering US flag  I’m in the US this week discussing EMV migration with a number of major institutions – for those of you that don’t know (where have you been?!) the liability shift has been announced by both MasterCard and Visa for this region with a number of other deadlines thrown in for good measure.

The first of these is in April 2013, when MasterCard, Visa, American Express, and Discover will require that acquirers, service providers, and sub-processors have the capability to process any EMV point of sale (POS) transaction, both contact and contactless. No mean feat to accomplish – 0 to EMV in less than 12 months when it took Europe well over 12 years to reach this milestone. Further to this are a few more important dates – primarily October 2015, when the liability shift kicks in. This essentially means that any non-EMV compliant party in the transaction will bear the cost of counterfeit or lost & stolen fraud.

It’s likely that most US issuers will opt for the same CVMs that they use today when deploying EMV – i.e. at POS they’ll use Chip & Signature for Credit and then either Signature or PIN for debit. What’s not clear though is how many of the US debit brands will move towards EMV in a reasonable time frame meaning that the complete migration will probably take as long as Europe, if not longer.

One of the biggest benefits to the US going (just about) last is the lessons learned from other migrations. The down side will be that they have a very unique payments infrastructure with additional parties not prevalent in payment models elsewhere – networks, processors, VARs, ISOs, credit unions and more – plus a scale that dwarfs players in most other markets.

The biggest change that comes with EMV however is the need to ensure that every component of the payments infrastructure is fully certified and remains so – as well as ensuring that any changes or updates don’t have an impact on the end to end integrity. Selecting certified products has been made pretty easy by EMVCo and the brands – there are hundreds of EMV-certified terminals and kernels on the official lists. However, application development and subsequent certification of the packaged end product (terminal, application, implementation) will be a challenge for the diverse middle-men in the US market where competition is hot and margins tight. It also presents new challenges for estate management – any changes lead to at least 4 new certifications with the main brands – and deployment of application updates across such a broad landscape can also be problematic.

So my advice to those entering the migration – test long, certify short – make sure that you’re going to pass any certifications easily to avoid getting bogged down in the inevitable certification queues and have to bear costly delays or iterative expenses. Although they’re ramping up services at the card brands, a processor with hundreds or even thousands of new card profiles to certify could find that just getting this job done before the liability shift is a major challenge. The only way to hope to achieve this is to test, test, test – and then when you’ve done that, test some more so that certification is a formality and not a bottleneck. Testing is all to often an after thought in the payments world (and other IT sectors come to think of it) but as you sit down to plan your EMV migration, start with the test plan.