Upgrade to EMV or Face Liability Shift - By Avi Jorisch

Starting October 1, 2015, merchants accepting credit cards will need to seriously consider whether they wish to upgrade their existing technology to become EMV compliant or face a liability shift. EMV technology is a joint effort by Europay, Mastercard and Visa to standardize the way in which payment processing is conducted around globe. EMV will ultimately replace the magnetic stripes on all credit and debit cards, by inserting an electronic chip to ensure transactions are conducted using cryptography and digital signatures.

Below, I thought it would be beneficial to post a First Data Q/A for merchants wanting to learn a bit more: 

What is EMV?

EMV, also known as a chip card, is a globally accepted smart chip technology payment standard established by EuroCard, MasterCard® and VISA® in the early 1990s. EMV cards come with an embedded microprocessor that provides better transaction security, card authentication and additional application capabilities not possible with traditional magnetic stripe cards. The chip on an EMV card interacts with the merchant’s point-of-sale device and is very difficult to duplicate.

How does EMV technology benefit merchants?

EMV increases security and fraud protection against counterfeit, lost or stolen payment cards.

How does EMV help prevent fraud?

Each EMV card comes with an embedded smart chip that is programmed by the card issuer to create a unique cryptogram (a secret code) for every transaction. The code represents a randomly generated numeral provided by the point-of-sale (POS) terminal at the time that the purchase amount is keyed in by the cashier. Use of an EMV chip triggers cardholder verification required for authentication: Chip & PIN; Chip & signature; or nothing. If connectivity with the card issuer is unavailable during the transaction, the chip determines whether the transaction may be processed offline.

What is the timing for EMV in the U.S.?

The U.S. is one of the last industrial countries to migrate to EMV chip card technology as a payment standard. October 1, 2015 marks the date on which fraud liability shifts for all non-EMV enabled point-of-sale devices (except for automated fuel dispensers at gas stations). U.S. Banks have already started issuing EMV cards and it is expected that by the end of 2015 there will be 166 million EMV credit cards and 105 million EMV debit and pre-paid cards in circulation in the US.

What exactly does the liability shift mean?

Starting October 1, 2015, the party that provides the most EMV options will be protected from financial liability originating from counterfeit, lost or stolen card-present transactions. For example, if a chip card is presented to a merchant who has not adopted an EMV-enabled terminal, liability for counterfeit fraud will shift to the merchant’s acquirer who will likely charge the fee back to the non-EMV compliant merchant. If a counterfeit magnetic stripe card (non-EMV chip card) is presented at an EMV-enabled terminal, liability will remain with the card issuer.

Am I required to support EMV?

You are not required by law to support EMV at this time. However, you may be putting yourself and your customers at risk, as fraud liability migrates to non-EMV enabled parties. Ensuring that your POS terminal(s) are chip capable and that your payment processing application can accept EMV chip card is good business.

Who is enforcing EMV?

There is no government entity or authority that is overseeing or enforcing migration to EMV in the US. However, the Payment Card Industry Security Standards Council (PCI SSC) and EMVCo, the official EMV standard governing body, are collaborating with major card issuers on EMV chip technology adoption and implementation in the US. As such, all merchants who are accepting electronic card payments will be required to continue meeting PCI security compliance processes and be subject to the liability shift set forth by card issuers.

What happens if don’t upgrade their POS system to EMV?

Starting October 1, 2015, the merchant whose POS system is not EMV-enabled will assume full liability risk for fraudulent card-present transactions when processing chip cards on a non EMV-enabled terminal. Also, migration to EMV is a perfect opportunity for merchants to enhance their electronic payment acceptance by adding additional payment forms including PIN debit, NFC (e.g. ApplePayTM), and introducing other value-added programs to engage with their customers.

How are EMV transactions different?

With EMV, customers will no longer hand over their payment card to a store associate/cashier for processing. Rather, a customer will keep the card in his/her possession and control at all times. Instead of swiping the card, as is the case with magnetic stripe cards, the customer will insert or “dip” the card into the EMV card reader and leave the card in the terminal until prompted to remove it. Because the customer will be required to insert (or tap, in case of an NFC card) the card, follow the prompts, enter a PIN and/or sign and remove the card at the appropriate time, an EMV-enabled payment device will have to be available.

When is a signature required with a chip transaction?

Although chip cards that require a PIN will be the norm, some may be configured to allow for a signature. From the merchant’s and cardholder’s perspectives, nothing changes. The card must remain inserted in the terminal during the entire transaction. If a chip card is removed prematurely, the transaction will be canceled. The terminal determines whether a PIN or signature is required, and the employee simply follows the prompts. When a signature is required, a signature line is printed on the receipt for the customer.

What can merchants do now to prepare for EMV?

To migrate and successfully adopt EMV chip card technology, merchants must first clearly understand EMV’s requirements, timelines, and potential impacts on their business operations. Merchants should engage a POS provider to assess their options and develop a roadmap for migrating to an EMV-enabled payment system.