On August 9, 2011, Visa announced plans to accelerate the migration to contact chip and contactless Europay/MasterCard/Visa (EMV) chip technology in the United States. They believed that the adoption of dual-interface chip technology would provide stronger authentication and transaction security, and help prepare the US payment infrastructure for the arrival of Near Field Communication–based mobile payments by building the necessary infrastructure to accept and process chip transactions.
Visa set an effective date of April 1, 2013, for acquirer processors and subprocessor service providers to support merchant acceptance of EMV chip transactions.1 In January 2012, MasterCard announced their US road map to enable the next generation of electronic payments with EMV as the foundational technology.
The United States is one of the last countries to migrate to EMV chip technology.2
On October 1, 2012, Visa was the first of the major card brands to announce changes to their operating rules that would shift liability for various types of card fraud to the entity involved in the transaction process that provides the least secure environment. Since Visa’s announcement, MasterCard, American Express (AMEX), and Discover have all followed suit with rule changes that are essentially the same. EMV deadlines for rollout in the United States as mandated by card networks are:
Visa (October 2015). The party that is the cause of a contact chip transaction not occurring will be financially liable for any counterfeit fraud losses. Does not include automated fuel dispensers.
MasterCard (October 2015). If at least 95% of MasterCard transactions originate from EMV compliant point-of-sale (POS) terminals, the merchant is relieved of 100% of account data compromise penalties (excluding fuel).
AMEX (October 2015). AMEX has instituted a Fraud Liability Shift (FLS) policy that transfers liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology.
Discover (October 2015). Discover has instituted an FLS in the United States, Canada, and Mexico. The policy is a risk-based payments hierarchy that benefits the entity that leverages the highest level of available payments security.
Higher Level of Security Needed
With the pending liability shift and the increasing number of data breaches occurring in the United States today, it is more important than ever to move to a technology with a higher level of security. EMV secures the payment transaction with enhanced functionality in 3 areas: card authentication, protecting against counterfeit cards; cardholder verification, authenticating the cardholder, and protecting against lost and stolen cards; and transaction authorization, using issuer-defined rules to authorize transactions.
An EMV card stores payment information in a secure chip rather than on a magnetic stripe. Unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that can be used to conduct an EMV payment transaction successfully. Although large data breaches will unfortunately continue to occur, the perpetrators of these crimes will find it increasingly difficult to use these data to successfully conduct payment card fraud.
Several factors are now driving a dramatic increase in the issuance of EMV-enabled cards in the United States. In fact, the Aite Group recently predicted that by December 2015, 70% of credit and debit cards in the United States will contain a computer chip that conforms to the EMV protocol.3
What Should Merchants Be Doing?
- Assign in-house EMV expert/owner
- Ensure POS system supports all EMV payment types (contact, contactless/Near Field Communication, mag-stripe)
- Ensure POS provider and acquirer can assist by deadline
- Develop training program for employees affected
- Seek independent advice if you feel like your acquirer or POS provider is trying to take advantage of this change
What Not To Do
- Do not sign a lease for any standalone POS devices. Month-to-month rental programs for EMV-enabled terminals are available for less than $10
- Avoid long-term commitments, particularly if the provider can modify processing rates
- Don’t ignore the importance of migrating your POS to an EMV-enabled environment
US-based merchants not yet prepared for EMV functionality, need to be preparing now. With fraudsters targeting US-based merchants more and more—partly because of our continued reliance on mag-stripe technologies versus the rest of the world’s migration to EMV—US-based merchants do not want to be the “weak link” where card fraud liability will reside.
- Visa Sets US. Acquirer processor mandate for chip transaction processing. Visa Bulletin. http://usa.visa.com/download/merchants/bulletin-us-acquirer-mandate-080911.pdf. Accessed August 9, 2014.
- Smart Card Alliance. EMV chip payment technology: frequently asked questions. www.emv-connection.com/emv-faq. Accessed August 9, 2014.
- Morrison D. EMV adoption prediction: 70% in 18 months. Credit Union Times. www.cutimes.com/2014/06/10/emv-adoption-prediction-70-in-18-months?eNL=53976cbc150ba0d70ae07952&utm_source=Daily&utm_medium=eNL&utm_campaign= CUT_eNLs&_LID=170047018. Accessed June 10, 2014.