Home Data-Driven Thinking GDPR And Lessons From The Credit Card Chip Rollout

GDPR And Lessons From The Credit Card Chip Rollout

SHARE:

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Ryan Eney, director, legal, at OpenX.

In 2016, the retail and finance ecosystem was shaken up with the US introduction of EMV, the global credit card chip technology retailers were required to use when consumers made in-store purchases.

In years leading up to 2016, highly visible credit card fraud schemes surged. Privacy and fraud were top of mind for everyone in the supply chain, from retailers and payment providers that facilitated the transactions to the consumers who ultimately suffered the most. The industry recognized that substantial changes and a standardized approach were needed for greater consumer protections, and EMV – named after Europay, MasterCard and Visa, which created the standard – was rolled out.

While it was a big step forward for consumer protection, it also had a large impact on retailers that were forced to revamp their payment infrastructure. New systems were rolled out across the country, and banks and credit card providers issued hundreds of millions of new cards, allowing the EMV chip to become the norm in less than 24 months.

Like the EMV requirement rollout, the upcoming General Data Protection Regulation (GDPR) makes progress toward protecting consumers’ privacy, and the businesses affected must complete significant upfront work to comply. Ahead of the fast-approaching May deadline, the successes and failures of the EMV rollout can serve as a useful example.

EMV was one of the largest changes to payments in decades, and the first step toward compliance was to understand its scope.

With EMV, retailers became responsible for any fraud that occurred with their credit card processors, a liability that was previously carried by credit card companies. Similarly, advertisers and publishers face serious financial implications if they fail to comply with GDPR – up to 20 million euros in fines, or 4% of revenue.

Overcommunicate

Ahead of GDPR, advertisers and publishers should overcommunicate. During the EMV rollout, consumers were justifiably confused and frustrated. The chip insertion process is much slower than the traditional credit card swipe, and consumers directed their frustration at retailers. But had they known that the chip is more secure than the swipe, they likely would have been more open to the change.

For GDPR, an analogous issue will arise when publishers ask for consumers’ consent to use their data. Under the new regulation, publishers must clearly ask consumers to give consent for the use of their data rather than relying on obscure terms and conditions. They should clearly remind customers that it’s designed to protect their privacy to circumvent any pushback and confusion as the regulation goes into effect.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Consumers may be confused or alarmed by the sudden ask from brands, perceiving that their information is less secure if publishers are communicating more thoroughly about their process.

Watch partnerships

With the EMV rollout, retailers needed payment processors that could accept EMV payments and ensure a seamless process that was consistent from retailer to retailer. If they didn’t pick the right partners, they risked missing the deadline and, even worse, taking the blame for the poor user experience.

With GDPR, liability is also shared among all partners. A publisher could be compliant, but if it works with a single partner that is not compliant, then the publisher isn’t compliant either.

Think beyond May 25

The EMV rollout forced retailers to overhaul credit card terminals. It was costly and time-consuming, but smart retailers viewed it as an opportunity rather than a challenge. Retailers update credit card processors infrequently, which made the EMV rollout an ideal time for retailers to consider new payment options, such as Apple Pay.

Similarly, advertisers should view GDPR as a catalyst for positive change. Quality is the No. 1 issue in digital media and advertising. Protecting consumer privacy is important, but that’s only one element of the quality discussion. We should use GDPR’s privacy discussions as a time to also address fraud and subpar advertising experiences.

While there was short-term pain for retailers and consumers during the EMV rollout, the regulation was a positive development for the industry. GDPR will likely do the same. As EMV showed us, change can be a good thing.

Follow OpenX (@OpenX) and AdExchanger (@adexchanger) on Twitter.

Must Read

Closeup image bag of money and judge gavel. Lawsuit, auction, bribe and penalty concept.

The LG Ads Legal Saga Continues With A Fresh Suit, This Time Against Kroll

Alphonso co-founder Lampros Kalampoukas is suing Kroll for allegedly undervaluing the company by nearly $100 million to aid LG Electronics in a shareholder dispute.

Comic: Metric Meditations

The Startup Trying To Automate The Ad Platform Reconciliation And Refund Mess

The ad tech startup Vaudit, founded last year by Mike Hahn, aims to automate the process of campaign reconciliation atop major ad platforms.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

The Trade Desk Lays Out Its Case To Beat Walled Gardens. Does Wall Street Buy It?

The Trade Desk continued its shaky 2025 earnings schedule when it reported Q2 results on Thursday.

Magnite Targets CTV, SMBs And Google's SSP Market Share

The SSP is betting on the DOJ’s antitrust remedies, plus closer relationships with agencies, DSPs and mid-sized advertisers, to help it eat some of Google’s lunch.

Zillow Pilots Containerized RTB, As It Rethinks The Equation Of Quality And Cost

Zillow is the pilot brand advertiser to test a new programmatic buying strategy known as containerized RTB. The strategy embeds the DSP or ad-buying platform intelligence, in this case the startup Chalice Custom Algorithms, within the SSP, which is Index Exchange.