There are more than a billion credit and debit cards in use in the United States today, but few are equipped with safer EMV technology. Credit card companies want to change this, but the main issue for EMV (Europay, MasterCard, and Visa) adoption is cost: The replacement of a billion payment cards plus the replacement of the payment terminals could total over $8 billion. On the other hand, the cost of credit card fraud is estimated to be as high as $8.6 billion per year, so there is incentive to get this done.
The credit card companies have a plan. They want to shift the liability to non-EMV compliant merchants and card issuers. MasterCard states: “Chip liability shift means that when a counterfeit, fraud transaction occurs in a country or region that has migrated to the EMV chip card platform, the liability for the transaction will shift to the non–chip-compliant party.”
In other words, if someone clones the magnetic stripe of your EMV-compliant credit card and uses it to buy groceries at a local supermarket that doesn’t have EMV POS terminals, the supermarket will be required to cover the cost of the fraudulent transaction.
Conversely, if the merchant is EMV compliant and has a POS system equipped to read EMV cards, and your card is not, because your financial institution has not started issuing them yet -- effectively forcing the merchant to run your card on the magnetic stripe reader -- then your bank or credit card company has to pay for the misuse of your card. This is actually the case when Americans visit Europe, where most transactions are CHIP+PIN. European payment processors “know” when a card is supposed to be EMV enabled, so they don’t accept non-EVM transactions on those cards. Most of the big banks in the US provide EMV chip cards to travelers who request them.
All three credit card companies agreed that, by October 2015, they will transfer liability for fraudulent transactions away from the party that has the most secure form of EMV technology. By October 2016, the liability shift extends to ATMs, and by October 2017, the liability shift extends to automated fuel dispensers. This has been in effect in Europe since Jan. 1, 2005.
CIOs who manage points of sale, ATMs, or other places with card readers need to take note of potential growing liability. If you are considering deployment of new payment terminals, it is probably a good idea to invest a few more dollars now and take advantage of EMV technology, both CHIP+PIN and Contactless, and save yourself a lot of trouble. If you’re not considering new terminals, it might be time to do plan for a transition by the end of 2015. The cost of those new terminals isn’t cheap, but the cost of the fraud might be worse.