October 1, 2015 was the deadline for most merchants to upgrade their credit card terminals to EMV-enabled devices or risk assuming responsibility for any counterfeit card fraud losses transacted at their business. Merchants that accept credit cards via automated fuel dispensers have a deferment until October 1, 2017 to comply or risk assuming the same liability.
EMV stands for EuroPay, MasterCard and Visa, which represent the three organizations that developed the specifications. Cards with this technology will contain an embedded microchip that makes counterfeiting nearly impossible, according the Visa. Each time the card is used, the chip will generate a unique one-time code to authorize the transaction. This feature is not easily duplicated in a counterfeit card. The processing of these cards is different than the magnetic-stipe cards we are accustomed to today. Cards with EMV technology are dipped into a credit card terminal versus being swiped. What this means for merchants is that new processing devices are needed to read the microchip.
According to a recent Nilson Report, the U.S. accounts for approximately 25% of worldwide credit card use, but accounts for nearly 50% of credit card fraud losses. As a result, U.S. banks are highly incentivized to see this new technology implemented. The U.S. is the last major market to adopt this technology, with the vast majority of the world having already done so. In fact, some European countries have been using this technology for more than a decade. It’s estimated that approximately 70% of non-U.S. credit card terminals are designed to accept the chip-based cards. Studies have shown that these markets have seen a significant decline in counterfeit card transactions since implementing this technology.
U.S. merchants that have not upgraded to EMV card readers yet run the risk of assuming the liability for any fraud losses related to any counterfeit cards they accept. Previously, the card issuer would have absorbed this cost. Today, if a criminal purchases $500 of product with a counterfeit EMV chip card and the store doesn’t have an EMV chip reader, the store would be liable for the $500 loss.
Merchants that haven’t yet upgraded have a decision to make. These new standards do not require the merchant to switch, only that they are now liable if they don’t switch. Business owners will need to decide if the cost to upgrade outweighs the potential cost not to upgrade. In markets that have adopted this standard, the vast majority of merchants have eventually upgraded, so it stands to reason that this trend in the U.S. will follow suit. Business owners who haven’t yet updated will need to ask themselves what exposure risk they are willing to accept between now and the time they eventually do upgrade.