EMV transition a milestone, not the end of the road

Recently, I was granted the distinct privilege of testifying before the House Small Business Committee to comment on an issue that is of paramount importance to credit unions across the United States: The security of customer data in an era of rampant cybercrime. Specifically, I spoke to lawmakers about the significance of the transition to the EMV chip payment system and how EMV is but one part of a larger data security picture. 

Due to the traveling habits and job assignments of many of our members at State Department Federal Credit Union, and with 8 percent of our members located overseas at any given time, we began issuing EMV VISA credit cards in June 2012. We were one of the first financial institutions in the U.S. to do so. Today, our credit card portfolio, which exceeds 28,000 cards, is 100 percent EMV. 

{mosads}EMV chip technology brings a new layer of security to credit and debit cards by using a unique, one-time code to authenticate card transactions. That means that even if chip card data is stolen, it’s virtually useless for counterfeit fraud. This transition comes as fraud continues to rise. Visa estimates that about two-thirds of all in-store credit card fraud comes from counterfeit cards. Unfortunately, instead of focusing on EMV’s immediate customer benefits, some in the retail lobby continue to insist they are not ready for the switch despite having had about four years to prepare. In fact, a recent survey released by The Strawhecker Group found that only 27 percent of U.S. merchants anticipated they would be able to accept EMV chip card payments by the October 1 liability shift. 

Estimates hold that by the end of 2015, 70 percent of U.S. credit cards and 41 percent of debit cards will be EMV chip cards – roughly 650 million cards. In the end, issuers – including financial institutions such as credit unions – will spend about $1.4 billion replacing all active cards. 

The financial services industry has always been at the forefront of data security for our members and customers, investing billions in new technologies that have kept consumers a step ahead of criminals throughout the digital age. But the bad guys will never stop. With enough time, resources and tools, dedicated hackers will infiltrate a network. Crafting a solution that protects American consumers not only now but in the future requires everyone to step up to the plate – not just the financial industry, but retailers as well. 

The EMV transition is important, but it is just one milestone on the road to a new and improved era of data security. 

NAFCU was the first financial services trade association to weigh in on the data security issue on Capitol Hill in the wake of the 2013 Target data breach. In the years since, we have maintained our commitment to providing credit union members – and American consumers at large – the best protection possible from hackers. 

Undoubtedly, protecting data at the point of sale is not a complete solution. We must protect sensitive personal information at all stages of transmission and storage. The Gramm-Leach-Bliley Act requires credit unions and other financial institutions to meet certain criteria for safekeeping consumers’ personal information. Unfortunately, there is no similar, comprehensive regulatory structure that covers retailers, merchants and others who collect and hold sensitive information. 

NAFCU strongly supports the passage of new legislation requiring any business entity responsible for the transmission and storage of consumer data to meet standards similar to those imposed on financial institutions. All parties handling this data must do their part if we are to achieve the most effective defense possible against those who seek to profit at consumers’ expense.

Roche is president and CEO of State Department Federal Credit Union. SDFCU, chartered in 1935, serves more than 67,000 members worldwide and has more than $1.6 billion in assets.