October 2015 is fast approaching, and with it, the EMV liability shift. As a retailer or restaurateur, you need to be ready, which at the very least means having all the details of the impending change down pat. Let’s delve into these details with a look at three key questions—and answers—about the EMV liability shift.
What is EMV, the EMV standard, and the EMV liability shift?
EMV stands for Europay/MasterCard/Visa, and the EMV standard is a standard developed by those three card associations. The standard calls for plastic debit and credit cards to be made chip-enabled by embedding microprocessor chips into them. While chip-enabled cards still have a magnetic stripe, the chip, rather than the magnetic stripe, is the mechanism for authenticating transactions. Here’s how: The chip generates a unique code for each transaction to the POS terminal—making sensitive information like the account number completely useless to anyone who has fraudulently obtained it. Unlike magnetic stripe cards, chip-enabled cards can’t be illegally duplicated (“cloned”), adding another layer of safety for users.
Meanwhile, the EMV liability shift, which as noted above takes hold in October, calls for a transfer of liability for fraudulent credit and debit card transactions from issuers to merchants—unless those merchants have migrated to POS technology that accommodates credit and debit cards manufactured in compliance with the EMV standard.
How do restaurateurs and retailers go about achieving EMV compliance, and how does compliance differ between the two categories of merchants?
Achieving EMV compliance in preparation for the EMV liability shift involves implementing POS technology that accommodates chip-enabled cards. However, there’s more to it than that. In addition to ensuring that your POS terminals are certified as EMV compliant (your POS vendor or reseller will let you know whether this is the case), you must ensure that your payment application is certified for EMV. You must also obtain certification from each card network (Visa, MasterCard, Discover, and American Express) through your acquiring bank.
It’s important to note that maintaining EMV compliance under the EMV liability shift “umbrella” may be more difficult for restaurants than for retail stores. Chip-enabled cards are being issued in two varieties—chip-and-signature and chip-and-PIN. When the former are used, validation occurs through a combination of the chip and the customer’s signature; with the latter, it happens through a combination of the chip and entry of the customer’s PIN on a PIN pad. The decision of whether to issue chip-and-signature cards or chip-and-PIN cards rests on card issuers’ shoulders. Unlike stores, many restaurants don’t have PIN pads and will need to add them at the front counter or implement pay-at-the-table technology with a PIN pad component.
What happens if I don’t move ahead with preparations for the EMV liability shift and am non-compliant with the EMV standard?
There’s no mandate compelling you go with the EMV liability shift “flow” and implement POS technology that accommodates chip card-based transactions. However, there are consequences for non-compliance. Maintaining non-EMV-compliant POS equipment once the EMV liability shift puts accountability for fraudulent card-present transactions leaves retailers and restaurant operators at risk for incurring financial losses from chargebacks and possible account data compromise penalties. The price tag here may be so high that it puts affected entities out of business. Retailers that carry high-end items may be more likely victims of card-present fraud because of the high resale value of their inventory, but depending on the scope of the data breach, restaurateurs may be hit just as hard.
Lack of preparation for the EMV liability shift and a resultant lack of compliance with the EMV standard also mean sacrificing exemptions from penalties charged by card issuers for “allowing” fraudulent card usage in their establishments. For example, as of the EMV liability shift date, MasterCard will exempt merchants from 100 percent of account data compromise penalties providing that at least 95 percent of MasterCard transactions originating in their stores.
Consider, too, that as the EMV liability shift compels merchants to achieve EMV compliance, incidents of fraud that may have been perpetrated against them will instead be perpetrated against those that have resisted migration to new technology. In other words, being non-compliant may mean a larger share of the fraudulent transactions pie—and all the headaches that accompany it.
By many experts’ reckoning, the benefits of deploying EMV-compliant POS technology—including, but not limited to freedom from worry about liability for fraudulent card-present transactions—far outweigh the drawbacks (e.g., new technology investments.) Now that you know the details of the EMV liability shift, it’s time to seriously consider boarding the EMV train.
