You’ve probably been reading a lot of articles about the EMV liability shift, which starts today. However, many retailers remain confused about what EMV is and if they need to implement it now, later or at all.
Following is what retailers may not have read about EMV…
1. Are retailers required to support EMV payments by October 1? The short answer is “no”! EMV is not a legal requirement or card brand requirement. However, supporting EMV enables merchants to participate in the “liability shift” that has been in the news recently.
2. What does “liability shift” mean? In simple terms, “liability shift” means that liability for fraudulent CHIP cards will lie with retailers if their POS can’t read a chip, and will “shift” away from retailers if their POS can read a chip (versus swiping a card the traditional way). It is VERY important to note that stores are only gaining a benefit in the case of transactions involving fraudulent cards that have EMV chips in them.
3. If retailers don’t have EMV by October 1, won’t their liability increase? No. Merchants already bear liability for approved transactions involving fraudulently used cards. The only fraudulent transactions for which there will be relief after October 1 will be those involving chip enabled cards processed using the chip reading slot on EMV enabled pinpads. A large portion of cards in circulation do NOT have chips yet, and won’t for some time. Retailers will bear the same liability as they do now for fraudulent transactions involving non-chips cards that are swiped.
4. How do retailers decide if this is a technology they should invest in immediately? The best answer is to consider the amount of credit card fraud retailers currently deal with in their store(s). If fraud related chargebacks are a regular occurrence in their business, then implementing EMV sooner may be a good idea. If not, then merchants can justify delaying the expense and time associated with switching until a later date (perhaps after the holiday season or early next year). It may take anywhere from several months to years before all cards have chips in them, which means it will be a long time before retailers are covered for all fraudulent transactions, even if retailers do this now. Consider the fact that EMV went into Canada a full seven years ago, and only 50% of all Canadian merchants have switched as of today.
5. So retailers shouldn’t invest in EMV right now? It depends. October 1 is not necessarily an urgent deadline for all retailers. Many new EMV readers include P2PE (point-to-point) encryption that is very important for merchants who don’t currently have encrypted readers. Hardware-based encryption (encrypts the card data at the reader) protects the cardholder and the merchant, virtually eliminates the chance of retailers having a data breach, and significantly reduces the scope of PCI compliance. If retailers do not currently have encrypted readers (pre-EMV), such as the Magtek IPAD pinpad or Magtek Dynamag, this is a change they should plan on making in the next few months, so that they can move to encryption along with EMV. Eventually, all merchants should do it, as fraudsters are expected to focus more on stores that do not have EMV readers.