Commentary: Should states worry about the switch to EMV card readers?
Circle Oct. 1 on your calendar. It’s an important date in the country’s plan to improve the safety of financial transactions — but for state government agencies, the deadline may not be as critical as you think.
By next month, all federal agencies must install new EMV-capable credit card readers in places like post offices or national parks. The move stems from an executive order issued last year to make transactions less vulnerable to hackers.
Meanwhile, states can set their own timelines to replace their pay terminals with those that accept EMV credit cards, which carry an embedded computer chip and require a user either to sign or enter a PIN number. States will still, however, be subject to the “liability shift” that takes place in October — meaning, they may be responsible for fraudulent charges made on any terminal that hasn’t begun accepting EMV cards.
Already widely used in Europe, Canada and Australia, EMV cards (short for Europay, MasterCard and Visa) are fast becoming the global standard and have been billed as a reliable antidote to the rising costs of fraudulent magnetic stripe card use. They generate one-time, encrypted account data for each transaction that — at least for now — is hard for thieves to copy or duplicate.
Yet, the United States is the last of the world’s 20 largest economies to adopt EMV.
There is still plenty of time to research the issue and understand your agency’s risk for counterfeit charges, which in the end may be the deciding factor. But as you deliberate, consider:
- The Oct. 1 deadline does not mandate any merchant, including state government, to convert to new EMV card reader devices. Even as credit card companies are in the process of replacing existing magnetic stripe cards with microchipped cards, the process will only be approximately 70 percent complete by the end of this year. In addition, chip cards still include a magnetic stripe, so even the new cards will be compatible with agencies’ existing point-of-sale terminals.
- Chip cards have a better chance of reducing fraud if they require a PIN number as part of a transaction. However, U.S. credit card companies are not requiring cardholders to enter a PIN with each transaction. Instead, card issuers will continue to use a signature as the primary form of card authentication and, in the end, government agencies may not see a significant reduction in fraud with the use of chip cards.
- Upgrades can be costly. Basic EMV-capable terminals that accept chip cards and complete signature transactions cost between $200 and $300 each. Models that accept EMV cards and complete PIN transactions can start at $400 each on the low end.
- Government agencies’ incidence of counterfeit transactions typically is fairly low – much lower than for retail stores, for example. For instance, among NIC state government partners, we have found the typical annual chargeback rate for a state to be less than 0.2 percent of overall credit card transactions. This stands to reason, as someone using a counterfeit card probably is more likely to fraudulently purchase a large-screen TV than to make a trip to a Department of Motor Vehicles and use it to renew a driver’s license. Therefore, state agencies may choose to maintain their existing terminals and accept the liability for a very low volume of counterfeit transactions.
- While chip cards are more secure at the point of sale than magnetic stripe cards are, they offer no additional security in online transactions, where buyers enter their credit card numbers. Hackers sometimes can retrieve those card numbers, even from encrypted transactions. And, once the agency’s system has the buyer’s information, the data still must be encrypted at each step of processing to ensure security, regardless of whether the customer is using an EMV or a traditional magnetic stripe card.
Mukesh Patel is president of NIC Services LLC, a wholly owned subsidiary of NIC Inc. He is responsible for NIC’s payment processing and financial management platforms, and speaks on payment processing best practices and trends in eGovernment services.