Process EMV (chip cards) or Be Responsible for Fraudulent Transactions
This article is written for card-present retailers only as the October 2015 rule changes discussed within are specific to card-present merchants. Card-present means the customer presents his/her card to you and it is swiped/inserted versus a card-not-present environment such as ecommerce where the card information is keyed in.
I’m writing this article because several brick & mortar retailers have expressed concern about the misinformation on EMV being distributed by some processors and salespeople. Therefore, the purpose of this article is to clarify how acceptance of EMV cards and the upcoming rule changes will impact card-present retailers and the decisions they will have to make by October 2015.
What is EMV?
The term “EMV” stands for “EuroPay, MasterCard, Visa,” which were the three companies that originally developed the standards for chip card processing. Therefore, in the credit card industry EMV is synonymous with the rules governing acceptance of chip card transactions and the reason why chip cards and POS (point of sale) devices are compatible around the world.
You may have noticed that a high percentage of newly issued credit and debit cards in the US now have a microchip embedded in the plastic. While the embedded microchip is new to the US, cards issued in many countries outside the US have had an embedded microchip for years. The purpose of the microchip is to reduce the value of stolen card data and the ease of conducting a counterfeit transaction.
The card companies realize that the old magnetic stripe technology used on US credit cards for the last few decades no longer has the security needed in the 21st century. Understand that all the bad guys need to conduct a fraudulent transaction is the information found on the magnetic strip. This information can either be skimmed off an individual card with some basic device or it can be obtained in mass quantities by hacking into merchant and provider databases. This is why merchant adherence to PCI DSS (Payment Card Industry Data Security Standards) and on-going breaches at major retailers and processors is so concerning for the card companies.
Embedding a microchip on to the card provides an important extra level of protection to reduce the value of stolen card data and counterfeit fraud. Basically, the microchip enables cryptographic processing whereby each transaction has dynamic authentication so each transaction becomes unique. This reduces the possibility of a counterfeit transaction. Of course, it also means that US merchants will have to have POS (Point of System) devices that can process the encrypted information in order for this extra level of security to work.
What US Merchants need to understand about EMV
There is a great deal of misinformation being generated by some providers and their salespeople in order to generate more POS device sales and leases. Unfortunately, some merchants are buying and leasing equipment from these providers that do not even process EMV cards. Here is the information merchants need to know about EMV and the October 2015 rule changes that affect card-present merchants.
Currently, most card-present counterfeit card losses are the responsibility of the bank that issued the card. However, on October 1, 2015 the card companies are changing the rules for that responsibility. Specifically, the entity responsible for the EMV information not being transmitted will be held financially responsible for certain card-present counterfeit card losses. That basically means that if the bank issued a card without the microchip than it may be responsible for any card-present counterfeit card losses. However, if the card had the microchip and the provider did not process the information, then the provider may be responsible for any card-present counterfeit card losses.
What merchants need to understand is that the provider will more than likely pass any such loss onto the merchant if the merchant did not have equipment capable of processing the EMV information.
Also, understand that chip cards will still have the magnetic stripe on the back of the card so merchants without the EMV POS devices can still process transactions. The card companies are not forcing merchants to invest in POS devices that can process an EMV transaction. However, they are using a pretty big stick via the counterfeit fraud loss rule changes to encourage merchants to invest in POS devices that can process EMV transactions.
Therefore, every card-present merchant needs to make a business decision – Do they want to take on the responsibility for counterfeit card losses at their place of business or do they want to invest in equipment that can process EMV transactions? Also, businesses need to make this decision well ahead of the Oct 2015 deadline to ensure they can obtain the needed equipment should they want it.
However, there are more decisions each merchant will need to make should he/she decide they want to invest in the EMV equipment. They need to decide if they want to incorporate NFC (near field Communication) or ApplePay and other such programs which allow the customer to place the card or cellphone near a receiving device to obtain the chip card information versus inserting the card in the POS device. Merchants also need to understand that some card issuers may require cardholders to key in a PIN number with the chip card transaction and some issuers may only require the signature. This means that a merchant may need to invest in an EMV PinPad due to the location of the POS device so the customer has some privacy when inserting their PIN number.
This information and other decisions merchants need to make will be covered in next month’s article.
