As retailers get ready for the 2015 holiday shopping season, six out of 10 Americans aren’t ready for the EMV liability shift set to go into effect on October 1, an ACI Worldwide survey reports. Two-thirds don’t know the United States is switching over to EMV chip-enabled smart payment cards, and nearly three in five consumers who own credit cards have not yet received a new chip-enabled card. But by the end of the year, 71 percent of credit cards and 41 percent of debit cards will be using the new technology, explains the Smart Card Alliance. With Black Friday looming, the Better Business Bureau is warning business owners and financial providers that if you and your staff aren’t ready for the EMV liability shift, what you don’t know can hurt you.
Understanding the EMV Shift
As the Better Business Bureau explains, the shift to EMV technology aims to reduce the volume of credit card fraud. Credit fraud has doubled in the United States over the past seven years, in contrast to the U.K. where it has declined to its lowest level in 16 years since adopting EMV technology. EMV chips reduce fraud because a chip contains a code that is unique for each transaction and cannot be used to make a second purchase, whereas magnetic stripe cards use the same sensitive data each time. With EMV cards, the user inserts the front top part of the card with the chip into the reader instead of swiping or dipping it. At the beginning of this transition, EMV readers will still process cards with magnetic stripes for backward compatibility, but, eventually, a complete shift to cards that process payments by tapping will occur.
Consequences of Non-Compliance
The EMV technology shift comes with a legal and financial liability shift that is set to take effect on a timetable laid out by the major credit card companies, as summarized in a Verifone chart. Currently, when fraud occurs as a result of a card being stolen or counterfeited, the payment processor or issuing bank is responsible for losses to the consumer. After October 1, liability will shift to whichever party in the transaction is least EMV-compliant. For instance, for MasterCard, if at least 95 percent of transactions occur from EMV-compliant point of sale terminals, the merchant will be relieved of 100 percent of penalties for account data compromises. The shift will affect automated fuel dispensers used at gas stations later, not taking effect for these businesses until October 2017.
The shift implies that your business can become liable for certain fraudulent card transactions that previously would have been covered by the bank or payment processor. For instance, if an individual who comes into your place of business uses a fraudulent card that only has a magnetic stripe to purchase $500 worth of items, you will not be held responsible for non-EMV compliance, but the bank or payment processor will remain liable, as under current practice. However, if an individual uses a chip-equipped stolen card in your store to purchase $500 of items, and you do not have the equipment to read the chip, you will be liable for repaying the $500 loss to the card owner. When you consider that some credit card scams involve multiple stolen cards, sometimes used by rings of multiple individuals making any purchases at the same store or retail chain, you can see how this could get expensive for your business.
Preparing for the Transition
Visa has provided a detailed step-by-step guide for merchants to get ready for the EMV transition. Most of the steps involve carefully assembling a transition team and working with experts, such as your IT team and the bank or payment institution that processes your credit cards. One of your team’s major goals will be to select which point-of-sale equipment and software, PIN pad devices, and EMV solution you will use. For instance, Sage Payment Solutions is an EMV-compliant debit and credit processing option that handles both mobile and point-of-sale purchases.
After selecting a solution that meets your company’s needs, Visa recommends that you develop an implementation plan and test your system first. Once your system is working, train your staff on how to use the new payment processing method. Then, perform a pilot store or pilot register installation to gain some live experience on a small scale before rolling out on a large scale. This will give you a chance to debug, document your procedures and make adjustments to ensure everything is working correctly.
If your business hasn’t already switched to EMV card readers, you may be at risk of being liable for any fraud that occurs. Educate yourself on the process and be ready for the transition comes October 1.