How New EMV Credit Card Requirements Affect Businesses
Although the EMV mandate for chip-enabled credit cards went into effect on October 1, only one-third of merchants are using chip card technology, Money reported at the end of October. Furthermore, only 40 percent will be EMV-compliant by the end of 2015, according to CreditCards.com. The distraction of the holiday rush is delaying some retailers from upgrading, and it may be next year before many stores make the transition. But with liability for non-compliant card processor fraud shifting from payment processors and banks to merchants, it’s in the best interests of both retailers and customers to make the move as soon as possible.
How EMV Chip Cards Work
The EMV (Europay, MasterCard, Visa) standard aims to reduce the frequency of credit card fraud by removing one of the vulnerabilities of traditional swipe cards. With the magnetic swipe method, the unique identifying information for each card is statically embedded in the card’s magnetic stripe, which makes it possible for thieves to use card-reading devices to copy the information from the stripe. Instead, the new EMV chip method uses wireless technology to dynamically assign each transaction its own unique identification code, preventing thieves from reusing stolen data. For additional security, EMV cards often combine a unique PIN number with the embedded chip for multi-factor authentication; although, not all EMV cards use PIN numbers.
How EMV Protects Consumers
The EMV standard reduces consumer risk of credit card theft by preventing thieves from duplicating magnetic card data. Since each transaction has a unique code, this reduces the value of stolen cards on the black market. Using PINs with EMV cards adds the additional protection of requiring a second verification method. In the U.K., credit card theft has declined 67 percent since the adoption of EMV standards in 2004, according to the UK Cards Association.
What EMV Means for Merchants
The new EMV standard includes new liability policies. Under the old magnetic swipe standard, liability for a fraudulent transaction fell on the payment processor or issuing bank. Under the new standard, the party that is least EMV-compliant is liable for the card holder’s losses. This means that if a merchant has adopted EMV technology, it will not be held liable for consumer losses in the event of fraud, but liability will fall back on the card holder’s payment processor or bank. On the other hand, if the merchant has not made the switch, they can be held liable. Some fraud cases involve multiple cards and purchases made at different locations in the same retail chain, so liability costs for non-compliance can add up.
This makes it in the best interest of merchants to switch over to EMV chip technology to avoid liability risks. Making the transition requires adopting new point-of-sale equipment and software, PIN pad devices and an EMV solution. Ideally, merchants should select an EMV-compliant debit and credit processing option, such as Sage Payment Solutions, that can process both mobile and point-of-sale purchases. When adopting a new EMV solution, businesses should work with their banks or payment institutions, train their teams on how to use the new equipment and perform a test run at a pilot store or register before completing a full-scale transition.
The longer retailers wait to adopt an EMV solution, the longer they risk having liability for customer losses and the longer they put their customers at risk. The sooner they make the transition, the better off merchants and their customers will be.