Report Outlines How Credit Card Networks Undermine Security, Block Competition

EMVCo leadership puts profits ahead of security, driving up costs for businesses and consumers, study says.

December 09, 2019

WASHINGTON— EMVCo, a global payments organization owned by the six largest card companies, has advanced standards that have diminished payment security in the United States and increased fraud risk, while helping its owners dominate the payments market, maintains a new white paper published by the Secure Payments Partnership (SPP). The report calls for payment standards to be drafted by organizations that meet the standards of open and fair membership and proceedings that apply to standard-setting in other areas of the economy.

Conducted by industry research firm Retail Payments Global Consulting Group (RPGCG), the report, “Payment Insecurity: How Visa and Mastercard Use Standard-Setting to Restrict Competition and Thwart Payment Innovation,” explores how EMVCo’s owners have driven up costs for businesses and consumers and left the United States with a fraud-prone payment card system, lagging behind other international markets.

EMVCo is run by Visa, Mastercard, American Express, Discover, JCB and China UnionPay. The organization produces technical specifications to ensure interoperability of payments, but the SPP report charges that those specifications become de facto standards with implications far beyond technical compatibility. Because EMVCo is run by the major card companies, it is not an appropriate organization to develop standards that have such high impact on the U.S. payments industry, the report states.

The Secure Payments Partnership (SPP), founded in 2018, represents and advocates for industries that span the payments system. NACS is a founding member, along with the Food Marketing Institute, National Retail Federation, National Grocers Association, First Data’s STAR Network and SHAZAM.

“The lack of input from outside groups into the decisions being made around security puts us all at risk,” said Lyle Beckwith, NACS senior vice president of government relations. “Banks, smaller card networks, consumers and merchants are being left out of the process, despite being integral to a well-functioning payment system.”

René Pelegero, the report’s author and RPGC president and managing director, said “It is our conclusion that the U.S. payments industry is being harmed by the card companies and EMVCo.” Pelegero said, “EMVCo’s ownership by the credit card companies has put profits ahead of security, driven up costs for businesses and consumers alike, and has left the United States with a fraud-prone payments card system even as fraud has been reduced in the rest of the world.”

Said National Retail Federation Senior Vice President and General Counsel Stephanie Martz, “This study shows that the card industry has repeatedly ignored innovations that could have given us a more secure system, and that cannot be allowed to continue.”

Dan Kramer, executive vice president, government and community affairs at SHAZAM, noted, “No single sector of the industry should be able to control the standards process to use it as a tool to shut down its competitors. The industry must work together to give consumers a more secure, transparent experience at card terminals.”