New Report Shows How Credit Card Companies Undermine Security and Competition

12/6/2019, 5:06 PM (Source: GlobeNewswire)

Washington, Dec. 06, 2019 (GLOBE NEWSWIRE) -- A new, in-depth report Payment Insecurity: How Visa and Mastercard Use Standard-Setting to Restrict Competition and Thwart Payment Innovation, conducted by noted industry research firm Retail Payments Global Consulting Group, L.L.C. (RPGC), on behalf of the Secure Payments Partnership (SPP), highlighted a systemic pattern of decision-making by EMVCo, an organization owned by the world’s six largest payment card companies, that put in place standards with diminished security and lead to more fraud risk just to help those card companies dominate the market.

The paper concludes that the leadership of EMVCo has put profits ahead of security, driven up costs for businesses and consumers, and left the United States with a fraud-prone payment card system, lagging behind other international markets. EMVCo claims to merely produce technical “specifications” needed to ensure interoperability, but those specifications become de facto standards with implications far beyond technical compatibility. Because EMVCo is run entirely by the major card companies, it is not an appropriate organization to develop standards that have such high impact on the U.S. payments industry. 

“It is our conclusion that the U.S. payments industry is being harmed by the card companies and EMVCo,” said the report’s author and RPGC President and Managing Director René Pelegero. “The setting of payments standards for topics such as authentication and tokenization should be migrated away from EMVCo to independent and neutral national or international standards-setting bodies. EMVCo’s ownership by the credit card companies has put profits ahead of security, driven up costs for businesses and consumers alike, and has left the United States with a fraud-prone payments card system even as fraud has been reduced in the rest of the world.” 

“Millions of Americans have experienced credit card fraud and that’s unacceptable,” National Retail Federation Senior Vice President and General Counsel Stephanie Martz said. “Our payments system should be the strongest and most secure in the world, but we won’t get there unless we change the way we set security standards. This study shows that the card industry has repeatedly ignored innovations that could have given us a more secure system, and that cannot be allowed to continue. NRF remains committed to continuing our work with the card companies to find lasting solutions that will protect businesses and consumers alike.”

The report shows: 

  • That Visa and MasterCard own and control EMVCo and ensure it sets standards that Visa and MasterCard can use to beat competitors before the game even starts.
  • How EMVCo bolstered Visa’s 20-year-plus battle against unaffiliated debit networks, resulting in the implementation of less-secure chip-and-signature EMV cards in the United States.
  • How EMVCo adopted expensive, complex and difficult-to-implement technology such as NFC because it prevents other competitors from entering the mobile payments market.
  • That EMVCo adopted an anticompetitive tokenization standard that discriminates against debit networks and non-card forms of payment.
  • How EMVCo ignored the work of other standards-setting organizations such as the Fast Identity Online (FIDO) Alliance and World Wide Web Consortium (W3C) that were developing open standards for authentication that would have allowed other competitors into the system.
  • That EMVCo has introduced the Secure Remote Commerce standard, which purports to become a new integrated checkout platform for online payments that has the potential to make it difficult to route transactions through unaffiliated debit networks, create higher dependence on the card companies and increase merchants’ payment processing costs.

EMVCo and its owners, the card companies, routinely dismiss innovations and new standards in order to maintain their dominance over the industry. The paper highlights how EMVCo uses jargon like “compatibility,” “interoperability” and “secure transactions,” but contradicts these concepts with their own practices. 

“The lack of input from outside groups into the decisions being made around security puts us all at risk,” says Lyle Beckwith, Senior Vice President of Government Relations at the National Association of Convenience Stores. He continued, “Banks, smaller card networks, consumers and merchants are being left out of the process, despite being integral to a well-functioning payment system.”

Dan Kramer, EVP, Government and Community Affairs at SHAZAM noted, “No single sector of the industry should be able to control the standards process to use it as a tool to shut down its competitors. The industry must work together to give consumers a more secure, transparent experience at card terminals.” 

About SPP

The Secure Payments Partnership represents and advocates for industries that span the payments system. We advance sound policies that drive state-of-the-art technologies, competition and collaboration to continually improve the nation's payment infrastructure, meet the evolving needs of commerce, and provide businesses and consumers convenience, flexibility and security in payment options. The Secure Payments Partnership is committed to making the U.S. payments infrastructure the strongest, most innovative and most secure in the world. To learn more, visit

About RPCG

Retail Payments Global Consulting Group L.L.C. (RPGC) is a highly specialized management consulting firm advising clients in consumer payments. RPGC believes the payments function is a strategic asset to any company engaged in commerce and it provides tailored strategic and tactical guidance to help their Clients develop pragmatic payments management strategies to best support cross-border trade and optimize corporate money movements. To learn more, visit

David O'Brien
The Secure Payments Partnership
Copyright GlobeNewswire, Inc. 2016. All rights reserved.
You can register yourself on the website to receive press releases directly via e-mail to your own e-mail account.