Ad Disclosure

2015 EMV Migration Report

cardhub EMV badgeRecent high-profile data breaches, such as those perpetrated against Target and Home Depot, have thrust smart chip credit cards and the term “EMV” into the public consciousness as the banking and retail industries ready themselves for the impending October 2015 liability shift. Visa and MasterCard set that as the deadline for when banks and merchants must have enabled chip-card payments or else incur significant added liability for fraudulent transactions.

But, as the consumer education process continues, the question still remains: How prepared are the country’s largest retailers and credit card issuers? How many cards and point of sale machines will be replaced? And are any banks or retailers opting for added liability rather than overhaul their hardware?

In search of answers, CardHub contacted the 10 largest U.S. credit card issuers, the 50 largest retailers and five smaller retailers that were recently the victims of infamous data breaches.

Main Findings

  • All 10 of the largest credit card issuers are in the process of issuing chip-based credit and debit cards and expect the majority of their portfolios to be updated by the end of 2015.
  • All of the major retailers that responded to our survey are on track to meet the October 2015 EMV transition deadlines set by VISA and MasterCard.
  • All of the major banks are issuing chip-and-signature cards, with 40% also supporting PIN capabilities. In addition to all major retailers accepting signature-based cards, 65% plan to accept chip-and-PIN cards as well.
  • All chip-based cards issued by major banks will continue to have magnetic stripes – enhancing usability while also mitigating certain fraud protection benefits.
  • Retailer transparency regarding EMV is surprisingly low given the level of consumer concern about data breaches and financial security. Only 17 of the 55 retailers we contacted provided information about their policies – including only 25% of those that have been victims of breaches.
  • Contrary to retailers, credit card issuers displayed exceptional transparency, with all of them providing information about their EMV transition plans.

EMV

Detailed Findings

Banks

Issuer What percentage of your credit cards will be chip-based by October 2015? Will all customers or just new applicants get them? Will you offer chip-and-signature or chip-and-pin cards? Will your cards continue to have a magnetic stripe? Do you plan to issue EMV debit cards as well?
Best Vday Cards American Express Majority of cards All customers U.S. consumers: chip and signature

International consumers: chip and PIN
Yes N/A
EMV Bank of America Majority of cards All customers Chip and signature Yes Yes
Best Vday Cards Braclaycard 65% All customers Both Yes N/A
Best Vday Cards Capital One Majority of cards All customers Chip-and-signature, but considering options to enable PINs in the future Yes Yes
Best Vday Cards Chase Majority of cards Existing cardmembers: can request one by phone
New cardmembers: will be issued EMV cards
Chip and signature Yes Yes
EMV Citibank Majority of cards Existing cardmembers: can request one by phone
New cardmembers: will be issued EMV cards
Chip and signature Yes Yes
Best Vday Cards Discover Majority of cards All customers Initial implementation is for chip and signature Yes Yes
EMV U.S. Bank We started issuing EMV credit cards in fall 2014 N/A Chip-and-signature Yes Yes
EMV USAA Majority of cards All customers Both Yes Yes
Best Vday Cards Wells Fargo Does not currently have a date by which all cards will have a chip All customers Both Yes Yes

Retailers
Retailers not listed in this table have not provided information regarding their EMV migration plans, and public information regarding this process could not be found.

Retailer Upcoming changes expected by October 2015 Will store-branded credit cards feature the EMV technology? Will all customers get the new EMV cards? Will the new EMV cards be chip-and-signature or chip-and-PIN? Will new EMV cards have a magnetic stripe?
EMV Army Air Force Exchange 100% upgrade No. Internal system enhancements will be pursued N/A N/A N/A
EMV Bi-Lo 100% upgrade N/A N/A N/A N/A
EMV BJ's 100% upgrade Yes All customers Chip and signature Yes
EMV Costco 100% upgrade N/A N/A Chip-and-PIN Yes
CVS 100% upgrade N/A N/A N/A N/A
H-E-B 100% upgrade by June N/A N/A N/A N/A
Kmart Systems compatible with EMV N/A N/A Chip-and-PIN N/A
Kroger Systems compatible with EMV Yes All customers Both Yes
Lion Food 100% upgrade N/A N/A PIN capabilities N/A
Lowe's Upgraded terminals N/A N/A N/A N/A
Macy's 100% upgrade N/A N/A PIN capabilities N/A
McDonalds Customers can use the Softcard App (based on the global EMV standard) N/A N/A N/A N/A
Menards 100% upgrade No Changes Currently Planned N/A PIN capabilities N/A
Nordstorm 100% upgrade Yes All Visa cards Chip and signature Yes
Publix In process of updating its terminals N/A N/A PIN capabilities N/A
Rite Aid EMV‐ready equipment for domestic and international transaction processing N/A N/A N/A N/A
Subway Adopted Softcard App (which uses the EMV global standard) N/A N/A N/A N/A
Supervalu 100% upgrade N/A N/A PIN capabilities N/A
Taco Bell Launched a mobile ordering and payment app N/A N/A N/A N/A
Target Chip card readers were installed in September 2014 Credit and debit cards will be reissued as EMV cards in 2015 All customers Chip-and-PIN Store cards will not have a magnetic stripe, but the MasterCard REDcard will
Home Depot 100% upgrade N/A N/A PIN capabilities N/A
Walgreens All stores accept chip-and-pin cards N/A N/A N/A N/A
Walmart 100% upgrade in Nov. 2014 Cards already have EMV chips EMV chip technology was adopted 8 years ago Both Yes

Back to Top

Ask The Experts

  1. What are your thoughts on the findings of CardHub’s report?
  2. What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?
  3. What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

 

Back to All Experts

Mary Ann Miller

Senior Director and Fraud Executive Advisor at NICE ActimizeWhat are your thoughts on the findings of CardHub’s report?

CardHub’s report is a very helpful “at a glance” report on the state of EMV migration. Regardless of bank or merchant adoption, the consumer and the staff at both the banks and the merchants need to be fully educated and trained on how to accept and use chip-and-pin, if it applies at the point of sale.

If we keep swiping, then we defeat the purpose. Online merchants and banks need to prepare for the influx of card-not-present fraud. As 2016 begins to emerge, the attempts and incidents of fraud will go up.

What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?

The U.S. migration to EMV will be the single largest migration globally. Investment opportunities for financial institutions include creating a “card fraud hub”, which creates an environment to protect the customer for point of sale card transactions, as well as card not present transactions, mobile wallets, and the growth of digital innovation on the card side. Analytics will play a key part in this investment, not only used to respond to fraud migration but to support the enablement of the card and mobile convergence.

What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

We will see counterfeit fraud decrease over time, however, card-not-present, card-not-received, lost and stolen, account takeover, and identity theft, will all spike up. Fraud will move to more complex fraud scenarios. And as new technology and new ways to pay are launched, we will see different types of fraud. Apple Pay or wallet provisioning fraud is a good example of emerging fraud opportunities.
Back to All Experts

Jeffrey Jones

Professor of Accounting and Business at The College of Southern NevadaWhat are your thoughts on the findings of CardHub’s report?

It is my belief that changing over the more encrypted cards will help deter thieves/criminals from looking at a company to inquire on a data breach. I also believe that criminals will be reading these reports to help them refine their searches on which companies to target based on information they are reading. This will allow them to focus on their niche companies that follow a certain pattern they are looking for, to better align with their business plan/crime plans.

The cloud facilities that are being built with high levels of security may help businesses secure these types of transactions, if the firewalls are secure enough to allow those watching the firewall to collect data and review who is looking and watching transactions being made through their facilities.

What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?

I believe that the majority of consumers only watch the high profile companies that make the news for data breeches. The Target case is a perfect example. This may deter shoppers from going to a store for a short period of time due to finding a data breech. My point would be that now that the criminals already hit that company for data, why would they go back again? This would make the company a better place to shop for two reasons. Why would they go back a second time and the company would now be looking for data breeches along with putting better policies in place. The best investments will be found in companies that are being proactive in putting policies in place to prevent such actions from occurring. The best long term investments are going to be those companies that steer clear of the data breeches. The biggest factor in this notion is which company is going to have the best approach and which companies are criminals going to avoid attacking due to the fear of being caught.

What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

I believe that the best crime organizations follow a business plan similar to that of all corporations. They have goals and a mission on which they follow. This allows them to follow a laid out plan of attack. This also allows them a time line and process to follow regarding how long it will take them to carry out their plans for each company they breech. When the government agencies and the IT departments can figure out how they are laying out the plans for each attack they will better be able to block a data breech.

This would make me believe that by sharing information on how a company's information was attacked would allow every corporation involved the ability to put their teams together to fight the attacks as a cohesive group. This type of communication will help the overall environment of breeches and bring down fraud rates.
Back to All Experts

Randy Vanderhoof

Director of the EMV Migration Forum, and Executive Director of the Smart Card AllianceWhat are your thoughts on the findings of CardHub’s report?

Terrific report which confirmed a lot of what we were hearing from the issuers, merchants and payment networks about the progress in the market towards EMV.

I think that the reason for the transparency differential between issuers and retailers is that issuers see chip cards and consumer security as a point of competitive advantage they have over smaller, low or no frills issuers. Merchants on the other hand are not competing with other merchants on security and are more focused on payments acceptance cost and how much they are spending on EMV with little ROI in the near term.

What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?

mPOS is going to be a big beneficiary of EMV. Many tier 2-3 merchants are finding that their old proprietary hardware and software vendors built on 10-20 year old technology cannot handle the demands for new security technologies such as EMV, point-to-point encryption, and tokenization. The cost to upgrade those systems may result in many more retailers looking for newer, open technology, mobile solutions that can plug and play with a number of newer payments options and mobile devices.

What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

EMV is a proven, effective technology for significantly reducing counterfeit card fraud most often associated with magnetic stripe cloning. The face of fraud will change as criminals discover new ways to move fraudulent activity to weaker channels, like online commerce where the same payment card is used for transactions but does not involve accessing the secure chip on those cards. Other fraud deterrents are available and must be implemented in addition to EMV enablement. Updating PCI security measures, point to point encryption, and tokenization are additional layers of security that should be considered to remove fraud from the retail payments system, not just slow its growth and movement to other channels.
Back to All Experts

Billy Tran

Director of Marketing for Secure Transactions at Gemalto What are your thoughts on the findings of CardHub’s report?

This report is a very helpful benchmark in terms of where some representative banks, credit unions and retailers stand in the shift to EMV. We’ve found similar trends in the interactions we’ve had with our customers. There are a couple important things to note in the context of, or in addition to, the insights in the report:
  1. Although many are comfortably moving toward the EMV deadline, there are a large number of regional banks, community banks and credit unions that still have work to do in migrating their customer bases over. The same is true of small and medium-sized retailers that will want to update their POS terminals. In some cases, they are waiting to see how things shake out, in order to learn from other banks or retailers on how to make the smoothest, most effective transition. In others, they are working on back-end integration, profile migration and resource investment needed to make the switch. We are now within six months of the deadline, which is the average time a migration will take, essentially setting up a race against the clock for those banks and retailers. Currently, we also see customer education as an important and sometimes forgotten step to ensuring a smooth transition for all sides.
  2. EMV most directly prevents fraud at the transactional/card level, but it is important to be aware of other risk gaps regarding what, how and where personal data is stored by retailers, as well as challenges in securing online payments. EMV helps prevent the form of fraud that is currently most prevalent — counterfeit card fraud — and is laying the security groundwork. Building off the EMV framework by adding tokenization will reduce the value of stolen card information, making it less of an incentive for fraudsters. In short, EMV combined with tokenization is the key to protecting face-to-face payments and mitigating cross-channel fraud.
What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?

Perhaps the most general benefit of the migration to EMV is that there will be a security framework protecting traditional EMV cards, dual-interface contactless cards, mobile payments (via mobile EMV) and even online payments (when combined with tokenization measures).

Contactless payment is a natural progression within the EMV chronology, increasing convenience for consumers. The ease of contactless payments results in more frequent purchases at applicable retailers and higher revenues for banks. With contactless card, mobile and wearable payments, there is a growing number of business opportunities for other types of service providers too. For example, transportation operators see contactless or wearable technology as a perfect way to reduce turnstile friction and streamline a traveler’s trip.

Additionally, as EMV card rollout occurs, banks have the opportunity to offer consumers new services, perks or card options, from cards made of eco-friendly biodegradable materials to card design customization to instant issuance, where new or replacement cards are produced in a matter of minutes rather than being sent in the mail over the course of weeks.

What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

As we’ve observed in countries implementing EMV prior to the U.S. migration, card fraud is significantly reduced in the years immediately following a shift. For example, debit card fraud in Canada dropped 73 percent in the three years after EMV was implemented in 2009. We expect to see similar results in the U.S., with the change affecting even more people. The results might even be more impressive, considering the fact that the U.S. has a good many models around the world to learn lessons from and avoid mistakes.

In the past, when a country deployed EMV, we most frequently saw levels of domestic fraud drop, but fraud would migrate to international transactions focused in countries that were still predominantly magstripe, like the U.S. With the U.S. being the final developed economy to make the switch, international fraud rates shouldn’t spike.

With greater peace of mind about the security of card transactions, we will be able to put more focus and research into emerging fraud. Once the U.S. has transitioned to EMV safeguards, fraudsters will look for new frontiers and channels like online commerce. We will need to work as an industry to continuously develop new innovations to protect against these evolving fraud techniques.
Back to All Experts

Catherine Johnston

President & CEO of International Smart Card Associations NetworkWhat are your thoughts on the findings of CardHub’s report?

There are many issues above and beyond cards and terminals. I am not surprised by the statistics, but I would be interested in hearing much more about the consumer experience and who will drive elements of consumer education.

What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?

Designed as a fraud prevention tool, EMV does not really drive investment opportunities. Obviously, cards, terminals, and testing/certification are areas where investments will be made, but this is a cost (fraud) containment measure, not a revenue generator for most of the stakeholders.

What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

The ability of EMV to significantly reduce counterfeit fraud has been demonstrated around the world. The U.S. will see the same benefits.

As soon as mag stripe can be eliminated, everyone will see additional fraud reduction. Because counterfeit has been the most expensive area of fraud in the past decade, it made sense to start with it. Other frauds will need to be addressed in turn.
Back to All Experts

Mansour Aaron Karimzadeh

Managing Director & CTO at SCIL-EMV AcademyWhat are your thoughts on the findings of CardHub’s report?

The report is highlighting what we have known for a while: Most issuers are working to be ready by year end, but many retailers/merchants are in denial and not doing enough to be ready in time. They claim that if they become liable to pay for any fraudulent transaction they will pay and that it would be much less than the cost of EMV upgrade.

What are the biggest investment opportunities you see as a result of the U.S. migration to the EMV standard?

Mostly in hardware vendors who have to provide terminals, readers, cards and associated services.

Also, test labs who provide certification on behalf of card brands and EMVCo.

Some consulting and software vendors are also in demand.

What impact do you think EMV technology, especially the brand implemented in the U.S., will have on fraud rates?

The card present fraud will be reduced by a large percentage. The card not present fraud will increase by a large percentage, unless the issuers deploy systems that reduce card not present fraud.

Methodology

In compiling this report, we reached out to the 10 largest U.S. credit card issuers, the 50 largest retailers and five smaller retailers that have been the subject of data breaches in order to better understand and relay information regarding the U.S. transition to the EMV standard. The list of retailers is based on National Retail Federation statistics regarding annual revenue, and it includes both traditional retailers and fast-food chains.

All 10 issuers were readily transparent about their policies, while retailer collaboration was scarce. Only 17 of the 55 retail organizations participated, while the rest either declined or did not answer at all – displaying a worrisome lack of transparency given the retail security climate.

Questions Asked of Credit Card Issuers:

  1. What percentage of credit cards will be chip-based by October 2015?
      a. Will all customers or just new applicants get them?
      b. Will they offer chip-and-signature or chip-and-pin cards?
      c. Will their cards continue to have a magnetic stripe?
  2. Do you plan to issue EMV debit cards as well?
  3. What is your take on the security tradeoff between chip-and-signature and chip-and-pin technology?

Questions Asked of Retailers:

  1. What percentage of payment terminals will be equipped to accept chip-based credit and debit cards by October 2015?
  2. What type of payment terminal upgrades do you expect to make?
  3. Will a customer with a chip-and-pin credit card be able to enter in his or her PIN in order to complete a transaction?
  4. Do you plan to reissue store-branded credit cards with EMV computer chips? If yes:
    a. Will all customers or just new applicants get them?
    b. Will they be chip-and-signature or chip-and-PIN?
    c. Will they continue to have a magnetic stripe?

Editorial Disclaimer: Editorial content is not provided or commissioned by financial institutions. Opinions expressed here are the author’s alone and have not been approved or otherwise endorsed by any financial institution, including those that are CardHub advertising partners. Our content is intended for general educational purposes and should not be relied upon as the sole basis for managing your finances. Furthermore, the materials on this website do not constitute legal advice and should not be relied upon as such. Please let us know if you have any questions or suggestions.

Ad Disclosure: Offers originating from paying advertisers are noted as “Sponsored” on the offer's details page. Advertising may impact how and where offers appear on this site (including, for example, the order in which they appear). At CardHub we try to list as many offers as possible but we don't make any representation of listing all available offers.

Previous What Happens to Debt When You Die   Should I Sign My Credit Card or Write “See ID”? Next
DISCUSSION
May 5, 2016
Photo of Sharon W.
May 5, 2016
What are my options?
May 10, 2016
Photo of Card H.
May 10, 2016
You can check our selection of smartchip credit cards here: cardhub.com/credit-cards/emv/ . Note, however, that all credit cards will come with chips before long. Best of luck!
Mar 18, 2015
Photo of Allison C.
Mar 18, 2015
Target has the chip readers installed, but they don't work, at least not in Pensacola. Same with Petsmart and several other retailers we've been in lately. Walmart is the only place in Pensacola where it's worked for us.