EMV’s official launch, which occurred on October 1, 2015, is getting a lot of attention in the press. That’s the day an EMV fraud liability shift occurred with some U.S. payment networks. This accountability changeover might leave you asking, “So who’s liable for what now? And when does it all kick in, again?”
Gravity Payments answers the tough questions, and separates fact from fiction, so you’ll know what to expect from EMV.
EMV is brand new technology.
EMV—also referred to as “smart cards” or “chip and PIN”—is already widely used in other countries as the global standard for secure transactions, and is well on its way in the U.S. The key element of EMV involves using dynamic digital data in every transaction, greatly increasing security and reducing risk of fraud.
Everybody was ready for EMV on October 1, 2015.
Industry experts estimated that only 20 to 30 percent of U.S. cardholders were EMV-ready on October 1, and it may take three to five years or more for EMV to be fully adopted across the country.
All fraud liability now rests squarely on the merchant’s shoulders.
Prior to this EMV overhaul, liability rested with the financial institution. After the initiation of EMV, in general, the party supporting the most secure technology for each fraud type will prevail in a chargeback. In the case of a technology tie, fraud liability remains with the card issuer, according to the EMV Migration Forum whitepaper, “Understanding the 2015 U.S. Fraud Liability Shifts.”
Fortunately, the liability shift only applies to card-present transactions, and does not pertain to lost or stolen cards, or card-not-present transactions. After the liability shift, the only kind of transaction that may affect a merchant would be if a counterfeit EMV card was processed through a traditional mag stripe card reader in-store after Oct. 1, 2015. Per Visa, the chance of this actually happening is quite rare, as EMV cards are designed to be almost impossible to counterfeit.
Any fraudulent transactions incurred by non-EMV swiped cards will continue to be covered by the card issuer.
You must implement EMV now or face the Feds and PCI DSS.
No government agency or industry group requires you to implement EMV. It’s also important to note that you don’t need EMV to be compliant with Payment Card Industry Data Security Standards (PCI DSS)—and it can’t make you compliant either. While EMV technology improves the security of processing credit cards, it doesn’t remove your need to follow the requirements of PCI DSS.
You’ll no longer be able to accept certain kinds of credit cards.
Whether you make the move to EMV or not, you can still process all types of credit cards. If you’re EMV-ready, just swipe older magnetic stripe cards through your new card reader. If you haven’t yet made the switch, EMV chip cards include magnetic stripes for the express purpose of working with existing payment terminals.
Having EMV makes your network bullet proof.
Unfortunately, data security breaches and getting hacked can still happen to you. EMV can help reduce fraudulent transactions, but it can’t shield you from everything else. Remember to safeguard your store by continuing to follow PCI guidelines and card-acceptance best practices.
Gravity Payments team members are eager to help and are on-hand to answer any questions you may have.
Call (800) 989-2135 or contact email@example.com.