EMV (Europay, MasterCard, and Visa) continues to grab more headlines as the October 2015 deadline looms for U.S. retailers. The most consistent thing across these articles is how inconsistent some of the “facts” are as it relates to EMV. Depending on the personal perspective of who is writing the article, the goal may be to calm a retailer’s concerns and let them know they are not alone in delaying their EMV compliance, or it may be to alarm a retailer around the increased amount of fraudster attention they’ll be getting should they delay even a day further.
It’s time to start separating some of the EMV myths from the realities.
MYTH #1 – EMV Compliance is a Mandate
REALITY – There is no mandate for EMV compliance
Unlike standards from the Payment Card Industry (PCI) around data security, there will be no set financial penalties for non-compliance. Instead, what will be happening is a shift in liability for fraudulent transactions. As of October 1, 2015, the liability for a fraudulent transaction will shift to the least secure link in the payment transaction. If a customer comes to a retail store with a chip-enabled credit card and that particular retailer does not utilize EMV-compliant payment terminals and POS software for processing, then the credit card issuers are no longer going to be on the hook for the resulting chargebacks stemming from a fraudulent card being used. Rather, that liability will be shifted to the acquiring bank. And then the bank will then pass the liability back onto the merchant.
MYTH #2 – As of October 1, 2015 ALL fraudulent transactions will be the responsibility of the retailer
REALITY – Retailer will not be held responsible for certain types of fraudulent transactions
Fraudulent transactions are essentially retail transactions which involve the use of a stolen or counterfeit credit card. Retailer will NOT take on the liability of fraudulent transactions that involve:
- Lost or stolen credit cards
- Non chip-enabled cards (MSR cards)
- Merchant gift cards or private label cards
Determining a retailer’s actual fraud exposure can be an inexact science. Simply obtaining a chargeback report from your bank may not provide the whole story. In addition to the information or guidance from your bank, be sure to consider seasonality, along with any other upcoming shifts in your business projections.
MYTH #3 – All customers will have chip-enabled cards by October 1, 2015
REALITY – The latest estimates from the Payment Security Task Force indicate that only 63% of credit cards will be chip-enabled by October 1, 2015
Acceptance of non-chipped cards, and the associated liability, will continue to function as they do today.
MYTH #4 – Achieving EMV compliance is a predicable expense
REALITY – The costs to migrate existing systems and transaction flows in order to support chip-enabled cards will vary greatly across merchants
There are a variety of factors which determine the actual cost and timing of achieving EMV compliance: the retailer’s current existence of payment terminals (and their make/model), the application architecture of the POS application, the current switch and processor configuration, and the decision to incorporate end-to-end encryption and tokenization into the overall payment security implementation plan. There is also a significant backlog in vendor resource availability that needs to be taken into account.
The bottom line is that there is a lot of information circulating about EMV and with so many technology vendors and retailers scrambling to make sense of it all as they implement their own payment security designs, there is bound to be a lot of confusion and myths. For example, even in this article it was noted that the liability shift deadline for US retailers is October 1, 2015. Technically, that is not true for all retailers, as automated fuel dispensers at fuel stations, and other unattended devices, have until 2017 to obtain their compliance!
Take the time to understand the information that you get from your technology partners. If you haven’t done it already, I highly recommend you schedule a meeting ASAP with your payment processor or bank to understand the how the adoption of EMV will impact your business. The decision to implement EMV, and the planned timing, will vary from retailer to retailer. The best approach is to take the time to develop a specific strategy that makes sense for your organization.
I am interested in hearing your thoughts and perspectives on EMV. Please share your comments below.