Consultant’s Corner: Accepting EMV Chip Credit Cards
Q: What does the EMV law of October 1, 2015, mean for small businesses in regards to the liability shift, and how does it affect customers?
As of October 1, 2015, businesses that don’t accept EMV chip credit cards are responsible for paying for fraud that occurs on card-present, or point of sale, transactions other than at gas stations (the deadline for gas stations is October 1, 2017). EMV stands for EuroPay, MasterCard and Visa, and is the global standard for credit cards with encrypted chips rather than magnetic stripes.
While last October marked the start of the EMV card liability shift, accepting the chip cards isn’t mandatory for businesses. Most EMV cards still have magnetic stripes, so businesses can swipe those cards if they’re willing to risk the fraud liability.
To protect against the fraud liability associated with EMV cards, businesses need to update their credit card terminals (hardware and software) to be able to accept EMV cards from customers. Beyond updating the credit card terminal hardware and software, businesses need to train employees to use the new EMV technology, all of which can be costly. Therefore, in evaluating whether to adopt EMV technology, businesses need to consider both the cost of switching to EMV technology and their likelihood of fraud.
Why EMV?
The shift to EMV-chip credit cards in the U.S. is not mandated by federal or state law, but being driven by the credit card processing industry itself. As discussed in the following articles, the first of which explains:
“The U.S. government could have stepped in and forced the credit card industry to adopt EMV technology, which is aimed at preventing fraudulent use of credit cards in transactions where the card is present at a merchant’s terminal. But it’s not the government driving the shift.
Banks and the networks that process payments (such as Visa and MasterCard) prefer to avoid regulation, so they decided to “pull the trigger” on EMV themselves. If government had mandated the switch, it could have backed it up with fines or tax penalties. But the processors don’t have that kind of firepower, so instead they created the “liability shift” to produce an incentive.”
https://www.nerdwallet.com/blog/credit-cards/emv-chip-credit-cards-required-law/
http://time.com/money/4040808/credit-card-chip-fraud-emv/
The Liability Shift
As to the EMV liability shift’s impact on small businesses, as if the October 1, 2015 deadline set by major U.S. credit card issuers, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in certain fraudulent transactions. As discussed in the information above:
“What does the liability shift mean? First, it’s important to understand counterfeit fraud liability.
Before October 1, 2015, any time a consumer’s credit card was duplicated and used for purchases, the bank would refund the fraudulent purchase to the store, with the understanding that the bank could have done more to prevent the fraudulent transaction from occurring. This created an incentive for the bank to verify the cardholder’s identity.
Starting October 1, 2015, that liability for fraud shifts from the bank to the store in cases where the bank has provided an EMV credit card but the store has not upgraded to an EMV terminal. The logic behind this is that the credit card issuer did everything in its power to protect the consumer, and the store ultimately dropped the ball, so to speak. This creates the incentive for both the bank and the store to upgrade to EMV — so the bank can avoid refunding fraudulent transactions and the store can avoid losing money on fraudulent transactions. If neither the credit card nor the store is EMV-ready, then the traditional liability rules apply…”
As further discussed in the SBA information below:
“In an effort to reduce fraud, EMV Chips are becoming the standard for integrated circuit cards (IC cards), IC card capable point-of-sale terminals, and automated teller machines. Chip card transactions offer advanced security for in-store payments by making every transaction unique. Chip cards are also much harder to counterfeit or copy. If the card data and one-time card are stolen, the information cannot be used to create counterfeit cards and commit fraud.
For merchants and financial institutions, the switch to EMV means adding new in-store technology and internal processing systems. To get chip-enabled for your business, contact your acquirer or payment services provider.
The switch to EMV also means a change in liability for credit card fraud. Today, if an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction generally fall back on the payment processor or issuing bank, depending on the card’s terms and conditions.
Beginning on October 1, 2015, a deadline set by major U.S. credit card issuers including MasterCard, Visa, Discover and American Express, the liability for card-present fraud will shift to whichever party is the least EMV-compliant in certain fraudulent transactions.”
https://www.sba.gov/content/migration-emv-chip-card-technology-and-your-small-business
https://www.sba.gov/sites/default/files/files/EMV_101_Final.2_1.pdf
To develop a better understanding of the EMV liability shift’s impact on small business, you can review discussions like the following:
http://www.nfib.com/article/get-to-know-the-fundamentals-of-emv-67831/
http://www.businessnewsdaily.com/7859-emv-technology-small-businesses.html
http://www.paymentsleader.com/will-retailers-be-ready-for-emv-by-oct-2015/
https://www.nerdwallet.com/blog/small-business/study-small-businesses-ready-emv-credit-cards/
http://www.merchantmaverick.com/really-need-emv-chip-card-terminal/
The Effect on Consumers
As to the EMV liability shift’s impact on consumers, the EMV liability shift to banks and merchants has no impact on a consumer’s legal liability due to fraudulent use of the consumer’s credit card. With or without the EMV liability shift, a consumer’s liability for fraudulent charges on a credit card does not change from the legally mandated limit of $50, which is generally not even assessed against consumer victims of credit card fraud. However, consumers should benefit from the shift to EMV technology through lower instances of credit card fraud at least with respect to card-present transactions.