The October 1, 2015, deadline for merchants to become EMV compliant or potentially face increased liability has come and gone. Yet, a significant number of both card issuers and merchants have not yet made the switch.
EMV is the acronym for the Europay, MasterCard, and Visa standard, sometimes referred to as "chip-and-pin." The standard was first introduced in Europe nearly 30 years ago, but the United States is just now making the transition. EMV cards contain microprocessor chips designed to make it more difficult to steal consumers' payment card information. Unlike magnetic stripe cards, the EMV cards create a unique code for each transaction. Even if a hacker obtains the code, it cannot be used again.
Card networks set October 1, 2015, as the deadline after which liability would shift for card-present chargebacks to the non-EMV compliant party in the United States. If a merchant has not implemented new EMV technology in its stores and a payment card with a new EMV chip is used to commit fraud in a card-present transaction, the merchant is now on the hook for the fraudulent transaction. In other words, a credit or debit card issuer that would normally be liable for a fraudulent transaction can now shift liability to the merchant if the issuer has upgraded its payment cards from magnetic stripe cards to EMV cards and the merchant has not yet upgraded its point of sale ("POS") card readers and software. If, however, neither the issuer nor the merchant are EMV compliant, or if both are EMV compliant, liability will remain the same as it was before the EMV standard became effective.
Despite the fact that the deadline has passed, the majority of merchants still have not upgraded their POS card readers and software to be EMV compliant. Several larger merchants have already made the conversion, but smaller merchants have been slower to make the transition and some are not even aware of the liability shift. Other merchants have weighed the risk and determined that the cost of replacing equipment (each new card reader can cost between $200 and $1,000) outweighs the cost of liability for any potential fraud. Merchants that are aware of the shift may also be experiencing a delay in the delivery of updated POS equipment required to accept the EMV cards. Overwhelmed software vendors are struggling to provide the software that is needed to communicate with the new EMV readers at the POS in a timely manner.
The EMV standard will not make every card transaction more secure. The standard applies only to card-present transactions, which means card-not-present transactions, such as those conducted online, will not be any more protected by cards with EMV chips than cards with magnetic stripes. Nevertheless, credit and debit card issuers have a big opportunity to decrease fraud losses by making the switch, if they haven't already.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
