Understanding the Electronic Payments Alphabet Part Two: The Impending EMV Deadline

Last month, in part one of my series on electronic payment technologies, I briefly discussed Europay, MasterCard and Visa (EMV), the new method for issuing and accepting face-to-face card transactions that aims to reduce credit card fraud. While the technology and its many benefits should be top of mind for businesses, perhaps even more important is the approaching deadline that U.S. retailers face regarding their payment systems.

Beginning October 1, 2015, when any credit card fraud takes place, the liability for fraud will fall on the least EMV-compliant party (be it the merchant or card issuer). Therefore, to avoid a potentially significant increase in their liability, face-to-face retailers will need to have payment terminals and systems in place that are capable of reading and processing EMV card transactions.

Why the new standard for liability? Essentially, the EMV process is considered the new gold standard of payment technology. Not only does it involve cards with a more secure computer chip, it also utilizes more robustly protected terminals and processing systems. Unlike magstripe cards, the new chip card contains data that are updated at check-out, when the card is inserted into an EMV terminal. With this secure system in place, the process will be more difficult to interrupt, and the card will be more difficult to counterfeit.

Along with reduced instances of card fraud, fewer data breaches for brick and mortar merchants and an increased sense of security for customers, the technology brings other benefits. For merchants with EMV terminals capable of accepting both contact and contactless payments, if 75 percent of their card transactions originate from EMV terminals, they will be exempt from PCI DSS validation requirements each year (though they must still be PCI-compliant). Additionally, virtually all new EMV platforms provide retailers with the ability to accept contactless payments, which allow customers to pay via smartphone with Apple Pay and other similar payment methods. This is attractive to customers and allows retailers to stay ahead of this increasingly popular payment method.

The transition period begins this October and ends when all terminals and cards will be EMV-only—likely several years from now. During this period, terminals will accept both magstripe and chip cards, and cards will be issued with both magstripes and chips, which is referred to as “backwards compatibility.” And even though retailers with EMV terminals that accept magstripe-only cards can still be victims of fraud, they will not be liable for the costs of fraud because of their EMV compliance. That being the case, we recommend retailers update their terminals sooner rather than later.

Still, even as magstripe cards are completely phased out, we don’t expect fraudsters to give up; in the near term, they’ll likely continue to use fraudulent magstripe cards at storefronts, while in the long-term, they may shift more of their nefarious activity to the internet—a trend we’ve already seen in other countries. With that in mind, as your business considers its transition to EMV technology, be sure to also closely monitor charge-backs and reversals, check customer IDs at the point-of-sale and bolster e-commerce payment platforms with stronger controls, such as MasterCard’s SecureCode program and Verified by Visa.

Stay tuned to the blog early next month for the third installment in my series on Apple Pay and other NFC technology.