Is the vending industry, including coin-op amusements, ready for smartcards? Starting late next year, the United States will make the switch and join much of the rest of the world in the advanced technology that puts microchips into the plastic people use every day. More difficult to crack by hackers, the recent massive theft of data from major retailers like Target has not only put the need for added security in the spotlight, but also primed the American consumer for the new technology.
Sometimes called EMV -- named after the developers Europay, MasterCard and Visa -- the technology is neither new nor unproven. It was introduced in France in 1992 and today more than one billion cards have been issued with the chip technology. Indeed, as its proponents note, the U.S. is the last major market to adopt EMV technology.
Among the primary advantages for the new technology is the added level of security. Unlike the familiar magnetic stripe (magstripe) card, the data on the chip cannot be easily copied through a process called "skimming" to produce counterfeit cards.
The new credit card format, which includes an embedded microchip, is set for its official rollout in October 2015 by both Visa and MasterCard. The move, according to the credit card giants, also transfers liability.
Upon the October 2015 milestone, what has become known as the "liability shift" places the burden of fraud on whichever party has the lesser technology. Very simply, a merchant or operator can still use the older magnetic strip technology with the new card readers, but they will be liable for any fraudulent transactions. Interestingly, if the merchant has the new card reader, but the bank hasn't issued new chip-embedded cards, then the bank is liable.
This repositioning of risk, banks acknowledge, is intended to spur adoption of the new technology by merchants and banks. In essence, the credit card companies are telling the industry, "You can continue with the old technology, but don't count on us if something bad happens."
This is no small thing. The adoption of EMV technology makes less secure technologies a target for hackers. Speaking before the Senate's Committee on Banking, Housing and Urban Affairs, Subcommittee on National Security and International Trade and Finance on Feb. 3, Troy Leach, the chief technology officer of the Payment Card Industry Standards Council, was blunt in the threat this posed. "Global adoption of EMV chip is necessary and important," he cautioned. "Indeed, when EMV chip technology does become broadly deployed in the U.S. marketplace and fraud migrates to less secure transaction environments..."
The changeover to the new system will likely not happen overnight. Canada, which began adopting EMV cards in 2003, still has not completed its transition from magstripe. By one estimate, after more than a decade into the change only 85% of Canada's POS systems accept EMV cards. One obstacle to which naysayers point is cost. The switchover to new POS terminals and cards is expected to cost a whopping $35 billion. However, such major retailers as Wal-Mart and Kroger have already installed new terminals capable of reading EMV cards in their stores.
Some retailers seem anxious to make the change as a security measure. "The retail industry is eager to work with banks and card companies to fight cyber attacks and reduce fraud," chief executive and president of the national Retail Federation Matthew Shay wrote in a Jan. 21 letter to Senate Majority Leader Harry Reid (D-NV) and House Speaker John Boehner (R-OH). "These efforts include installation of sophisticated new PIN-enabled point-of-sale-systems and readiness to adopt cards with more secure microchip technology. But the fact remains that retailers cannot do this alone."
The new card readers will also be suited for mobile contactless readers using Near Field Communication -- or NFC-- that will allow consumers to pay by an app on their phones. This is a good thing, since a recent report by the research firm Berg Insight predicts some 86% of point-of-sale terminals will accept NFC payments by 2017.
One final piece of the puzzle is the consumer. According to at least some in the field, consumers may prove hesitant to use the old magstripe readers. High-profile cyber-attacks and more local reports of "skimming" might make consumers wary of the older technology once EMV cards become more widespread. If this turns out to be true, then not having the upgraded readers could put retailers, including vending, at a distinct disadvantage.