The Truth and Complexities About EMV Certifications

As long as there's an existing perception that the transition to EMV has been a rocky one, there will always be scapegoats. Depending on critics’ preferred flavor of the week, responsibility for the hurdles to rapid market adoption may be placed (rightfully or not) on the shoulders of issuers, merchants, payment brands, processors, tech providers or even consumers. The latest evolution of the “EMV blame game” that has been forwarded over the last year or so is that end-to-end EMV certifications at many merchant point-of-sale (POS) and back-office systems have slowed EMV acceptance.

Let’s be clear: Placing blame and passing the buck doesn’t help anyone in the long run. What could be valuable to the end game of a more harmonious EMV landscape is for there to be a more universal understanding of the complexities that EMV certifications require of the payment ecosystem.

To fully understand how merchants interact with the payment brands that provide EMV certifications, we need to split those merchants into three tiers:

• Tier 1 merchants: These are the big-box stores with hundreds of locations — Target and Whole Foods, for example.
• Tier 2 merchants: Still sizable, these retailers may have multiple locations but are typically bound by regional borders, do less transaction volume and have unique POS requirements.
• Tier 3 merchants: These are “mom-and-pop” shops, like a neighborhood bodega or a local taxidermy craftsman.

As you can imagine, the tier 1 merchants receive much special attention from both the payment brands (Visa, MasterCard, AmEx, etc.) plus the Verifones and Ingenicos of the world because they present the most significant business opportunity. These retailers’ EMV migrations were mapped out well before the October 2015 liability shift. It should be no surprise, then, that of the roughly one-third of all U.S. merchants enabled to accept chip cards toward the tail end of 2016, many belonged to Tier 1.

Skipping ahead to tier 3 merchants, their business priorities rarely align with newfangled payment systems, so they’re able to be served by independent service organizations (ISOs) that deliver generic, unmodified EMV terminals that require simple, standardized certifications. Again, payment processors rarely need to be part of the equation, and there’s no special attention required. Tier 3 merchants make up the long tail of EMV adoption anyway, and many may not feel much pressure to prioritize an upgrade. Therefore, for them it just happens when it happens.

Tier 2 is where we tend to run into problems. Merchants like restaurants or smaller retail chains that have custom loyalty programs integrated within their POS terminals and back-office platforms require complex upgrades to these systems prior to the certification process. Additionally, they cannot use the generic barebones certifications and equipment that work for tier 3. It’s not the merchants fault that their certifications are more complex, and it’s not the processors fault that the work must be customized; it simply takes more time and man hours to move these dispersed, diverse, nuanced merchants through the certifications queue. Certifying these tier 2 merchants is the crucial step toward getting that merchant EMV adoption number up into the 50 percent to 60 percent range this year.

While we can certainly take learnings from other countries on how long pervasive merchant compliance with EMV should take — it gradually happens over a span of three years to five years rather than overnight — there’s no silver bullet for the unique factors inherently impacting the fragmented U.S. ecosystem of merchants and processors. We have a higher sheer number of merchants than pretty much anywhere else in the world due to our open, competitive marketplace.

Taking these realities into consideration, if we’re being honest with ourselves, we’re pretty much exactly where we ought to be in the EMV adoption cycle. As long as we work together as a payments community, understand where (and perhaps more importantly why) the bottlenecks and complexities reside, and introduce a measure of patience, we’ll get to that EMV-compliant promised land in due course.

Jack Jania is the senior vice president of strategic alliances at Gemalto, a digital security company.