EMV — which stands for Europay, Mastercard and Visa — is a global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. In the wake of numerous large-scale data breaches and increasing rates of counterfeit card fraud, U.S. card issuers have migrated to this new technology to protect consumers and reduce the costs of fraud.
For merchants and financial institutions, the switch to EMV means adding new in-store technology and internal processing systems, and complying with new liability rules. For consumers, it means learning a new payment processes.
Want to know more about the ongoing transition and your EMV chip-equipped credit card? Keep reading.
Why are EMV cards more secure than traditional cards?
It’s that small, metallic square you’ll see on new cards. That’s a computer chip, and it’s what sets it apart the new generation of cards.
The magnetic stripes on traditional credit and debit cards store contain unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. That makes traditional cards prime targets for counterfeiters, who convert stolen card data to cash.
Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again.
If a hacker stole the chip information from one specific point of sale, typical card duplication would never work.
Is card dipping the only option?
Not necessarily. EMV cards can also support contactless card reading, also known as near field communication.
Instead of dipping or swiping, NFC-equipped cards are tapped against a terminal scanner that can pick up the card data from the embedded computer chip.
Dual-interface cards and the equipment needed to scan them are expensive. Right now, the first step is to success fully integrate EMV cards into the U.S. shopping scene. Dual interface will arrive later, although they are in production and rolling out slowly now.
If fraud occurs after EMV cards are issued, who will be liable for the costs?
If an in-store transaction is conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fall back on the payment processor or issuing bank, depending on the card’s terms and conditions.
Since the Oct. 1, 2015 deadline created by major U.S. credit card issuers Mastercard, Visa, Discover and American Express, the liability for card-present fraud has shifted to whichever party is the least EMV-compliant in a fraudulent transaction. All merchants need to make sure that they have the best credit card processor for their company. If you have a high risk company, you need a high risk processor, like eMerchantBroker.com.
Consider the example of a financial institution that issues a chip card used at a merchant that has not changed its system to accept chip technology. This allows a counterfeit card to be successfully used.
Today, any parties not EMV-ready could face much higher costs in the event of a large data breach.
Until recently, automated fuel dispensers had until 2017 to make the shift to EMV. However, a December 2016 Visa and Mastercard agreement now gives pay-at-the-pump gas terminals until October 2020 to become EMV-compliant.
So for now, gas stations do not fall under the existing EMV fraud liability shift rules. ATMs still have two fraud liability shift dates: Mastercard’s that recently passed in October 2016 and Visa’s in October 2017. Until both dates pass, ATMs will follow existing fraud liability rulings. If you are not an EMV merchant today, you need to consider changing.