EMV: Separating Myth from Reality

EMV Credit CardEMV (EuropayMasterCard, and Visa) continues to grab more headlines as the October 2015 deadline looms for U.S. retailers. The most consistent thing across these articles is how inconsistent some of the “facts” are as it relates to EMV.  Depending on the personal perspective of who is writing the article, the goal may be to calm a retailer’s concerns and let them know they are not alone in delaying their EMV compliance, or it may be to alarm a retailer around the increased amount of fraudster attention they’ll be getting should they delay even a day further.

It’s time to start separating some of the EMV myths from the realities.

MYTH #1 – EMV Compliance is a Mandate

REALITY  There is no mandate for EMV compliance 

Unlike standards from the Payment Card Industry (PCI) around data security, there will be no set financial penalties for non-compliance. Instead, what will be happening is a shift in liability for fraudulent transactions. As of October 1, 2015, the liability for a fraudulent transaction will shift to the least secure link in the payment transaction. If a customer comes to a retail store with a chip-enabled credit card and that particular retailer does not utilize EMV-compliant payment terminals and POS software for processing, then the credit card issuers are no longer going to be on the hook for the resulting chargebacks stemming from a fraudulent card being used. Rather, that liability will be shifted to the acquiring bank. And then the bank will then pass the liability back onto the merchant.

MYTH #2 – As of October 1, 2015 ALL fraudulent transactions will be the responsibility of the retailer

REALITY  Retailer will not be held responsible for certain types of fraudulent transactions

Fraudulent transactions are essentially retail transactions which involve the use of a stolen or counterfeit credit card.  Retailer will NOT take on the liability of fraudulent transactions that involve:

  • Lost or stolen credit cards
  • Non chip-enabled cards (MSR cards)
  • Merchant gift cards or private label cards

Determining a retailer’s actual fraud exposure can be an inexact science. Simply obtaining a chargeback report from your bank may not provide the whole story. In addition to the information or guidance from your bank, be sure to consider seasonality, along with any other upcoming shifts in your business projections.

MYTH #3  All customers will have chip-enabled cards by October 1, 2015

REALITY  The latest estimates from the Payment Security Task Force indicate that only 63% of credit cards will be chip-enabled by October 1, 2015 

Acceptance of non-chipped cards, and the associated liability, will continue to function as they do today.

MYTH #4  Achieving EMV compliance is a predicable expense

REALITY  The costs to migrate existing systems and transaction flows in order to support chip-enabled cards will vary greatly across merchants

There are a variety of factors which determine the actual cost and timing of achieving EMV compliance: the retailer’s current existence of payment terminals (and their make/model), the application architecture of the POS application, the current switch and processor configuration, and the decision to incorporate end-to-end encryption and tokenization into the overall payment security implementation plan. There is also a significant backlog in vendor resource availability that needs to be taken into account.

The bottom line is that there is a lot of information circulating about EMV and with so many technology vendors and retailers scrambling to make sense of it all as they implement their own payment security designs, there is bound to be a lot of confusion and myths. For example, even in this article it was noted that the liability shift deadline for US retailers is October 1, 2015. Technically, that is not true for all retailers, as automated fuel dispensers at fuel stations, and other unattended devices, have until 2017 to obtain their compliance!

Take the time to understand the information that you get from your technology partners. If you haven’t done it already, I highly recommend you schedule a meeting ASAP with your payment processor or bank to understand the how the adoption of EMV will impact your business. The decision to implement EMV, and the planned timing, will vary from retailer to retailer. The best approach is to take the time to develop a specific strategy that makes sense for your organization.

I am interested in hearing your thoughts and perspectives on EMV. Please share your comments below.


Ready for Chip Cards at POS?

Progressive Grocer – When a counterfeit credit card is used at a store’s checkout nowadays, the bank issuing the plastic takes the loss. But starting in October 2015, the liability shifts to U.S. retailers. In other words, they will be financially responsible for fraudulent transactions. To be prepared, merchants will need to upgrade their POS terminals to accept Europay Mastercard Visa (EMV) cards that have an embedded chip designed to protect consumer data.

Getting ready to accept chip cards has certainly been a hot topic of conversation in retail circles recently. Merchants have replaced or upgraded POS systems. So retailers are ready, right? Maybe.
A poll by Boston Retail Partners concluded that 650 percent more retailers will support EMV by October

Read full article: Ready for Chip Cards at POS?

'Chip and pin' use to rise 650% in 2015: report

RetailDIVE – The number of retailers accepting EMV (for “Europay, MasterCard, and Visa”), also known as “chip and pin,” will increase 650% by October this year, according to consulting firm Boston Retail Partners. That date reflects the deadline when liability for payment security issues shifts from banks to retailers. EMV technology — which uses a chip embedded in the card to spit out a unique code (or PIN) for every transaction — has been widely used outside the U.S. for years.

Read full Article: ‘Chip and pin’ use to rise 650% in 2015: report

EMV-Friendly Retailers Predicted to Increase 650 Percent in 2015 – A recent survey from technology consultancy Boston Retail Partners shows that businesses that accept EMV payments will increase 650 percent by October 2015 — the date that the shift in liability to merchants who do not enable EMV technology will take place.

EMV is a technology that has been widely adopted outside of the U.S. due to the added level of security that it provides card holders and merchants. The BRP survey shows that among the businesses surveyed, 63 percent list “payment security” as one of the Top 3 reasons why they will adapt their systems to EMV, and clearly key to this is the looming shift in liability that will be borne by merchants once October 2015 has come and gone.

Read full article: EMV-Friendly Retailers Predicted to Increase 650 Percent in 2015