As of last October, the EMV liability shift is a point of reality for consumers and businesses alike. Now, if your business is not yet chip-ready and card fraud occurs in a point-of-sale transaction in which a consumer uses a chip-enabled card, you — not the card-holder or issuer — could be liable for costs associated with the deception. Is your business lingering in this exposed state?
You may be inclined to view the liability shift as a burden on your organization, but the motivation behind the shift is sound. Payment fraud has become the largest theft-related threat facing business and consumers not just in the U.S., but around the globe. In 2013, the cost of payment fraud was $14 billion, according to Business Insider Intelligence. The U.S. accounted for a little more than half that amount — $7.1 billion.
In fact, until now, a disproportionate amount of card fraud has occurred in the U.S., and not just because we’re wealthier than other countries. Other developed countries have been quicker to adopt EMV technology, and experts agree it’s worked to help reduce payments fraud in those countries.
How EMV technology works
EMV — the abbreviation of Europay, MasterCard and Visa — uses small microchips built into debit and credit cards. When a consumer uses a chip-enabled card on an EMV-ready card-reader, that chip validates the transaction by producing a single-use code. This extra layer of security makes it much more difficult for criminals to counterfeit a card, and has already worked to reduce fraud in areas of the world that have already adopted the technology, such as Europe and South America.
Many people in the payments industry believe that EMV technology will have the same affect in the U.S. In fact, a study by the Association for Financial Professionals found that 92 percent of finance professionals feel EMV cards will reduce POS fraud, and 61 percent believe EMV will be the most-effective authentication method for reducing card fraud.
What should your business know?
As a business operator, you’re at greater risk from damage due to card fraud than larger corporations. Although companies with revenues in excess of $1 billion experience the most payments fraud, according to the AFP study, card fraud may be more harmful for a business with less financial cushion to fund its recovery efforts.
When card fraud occurs, someone has to pay for it. Until now, card issuers typically paid for the chargeback. Now, businesses will be liable for that cost — and possibly others — if the fraud occurs through their non-EMV POS terminal. The shift does not apply, however, to contactless transactions, such as purchases made online or over the phone.
Briefly, here are the factors that could leave you on the hook for fraud liability:
- A consumer makes an in-store purchase using a chip-enabled debit or credit card.
- Your business is not equipped with EMV-capable card-readers.
- Your old-style card-reader reads only the magnetic stripe on the chip-enabled card.
- The card or transaction is fraudulent.
In these scenarios, according to the EMV Migration Forum, the issuer — not you — would be liable:
- A consumer’s card only has a magnetic stripe, and not a chip, whether your card-reader is chip-enabled or not. Keep in mind, most banks and credit card companies have already issued chip-enabled cards to consumers to replace their old style cards.
- Your card-reader is EMV-capable and fraud occurs with a card equipped with a chip.
You can find a much more detailed list of liability scenarios in the EMV Migration Forum’s liability shift report.
If you’ve hesitated to make the transition to EMV-enabled terminals due to the transition costs, it’s time to make the move — as quickly as you can. The stakes are now higher for you if fraud occurs through your business’ use of non-EMV terminals.