Effective Oct. 1, liability for credit and debit card fraud theoretically shifts from banks to retailers that have not yet upgraded their payment terminals to accept the new chip-embedded plastic.
The EMV (Europay, MasterCard and Visa) smart cards, widely used in Europe and Canada, are considered more secure than older magnetic strip technology. Banks and financial services firms set the pre-holiday deadline to speed the transition following massive hacks at Target, Home Depot and other chains. But according to the National Retail Federation (NRF), they’ve been unable to meet their own deadline.
Only 40 percent of cardholders have received a new chip card, the trade association said, and credit card companies have been unable to grant the necessary software and payment terminals to retailers nearly fast enough for the Oct. 1 changeover.
In that instance, banks will continue to bear the burden of data breaches, as the new rule calls for the party using the least-secure technology to take the hit.
But as Computerworld pointed out, even having the updated card and equipment could prove problematic for unfamiliar shoppers and checkout clerks. The smart cards must be “dipped” rather than swiped, and have to remain in place until confirmed by the payment terminal. But with more than 20 vendors supplying the card readers, the confirmation alerts can vary.
All told, “It’s organized chaos a little right now,” Retail Association of Maine executive director Curtis Picard told the publication.
To help calm the chaos, Martin Ferenczi, president, North America, of leading EMV card provider Oberthur Technologies, provided TWICE with the following FAQ primer:
What is the liability shift?
Ferenczi: MasterCard, Visa, American Express and Discover announced the liability shift to encourage U.S. issuers and merchants to migrate from traditional magstripe cards to EMV. EMV is a more secure global interoperability standard that embeds a computer chip into each card to store the cardholder’s account details and create a unique, encrypted code for each transaction.
Right now, issuers incur the cost of card-present counterfeit fraud in stores. After October 2015, the institution with the lesser technology will be liable for fraudulent charges. That means that if the merchant has not upgraded to EMV, they will have to pay for counterfeit fraud instead of the card issuer.
What are the primary benefits of EMV?
Ferenczi: EMV protects against fraud but also protects the issuer’s brand. No issuer wants to have to overcome a major credit card breach such as Target or Home Depot. The breaches can do significant damage to the issuer’s reputation. Americans must be able to trust that when they make a purchase that their information is safe. EMV protects consumers and reduces the financial exposure for the issuer while assuring their brand remains well regarded.
How quickly is EMV being implemented in the U.S.?
Ferenczi: Banks are very quickly issuing cards, and the merchants are right behind them. Approximately 59 percent of U.S. point-of-sale locations are projected to be EMV compatible by the end of the year, according to a study by Aite Group. Every American will have multiple EMV cards in their wallet by the end of 2015. To support the EMV migration, Oberthur Technologies invested in its U.S. production capacity in order to produce several hundred million EMV cards annually.
How does payment technology in the U.S. compare to other countries?
Ferenczi: The largest, most developed countries internationally already have adopted next-generation EMV payment cards, which makes the U.S. an outlier and an easy target for hackers until the migration is complete. Many of these countries were late to adopt the global standard of chip cards, but once they did, they moved past the U.S. by implementing cutting-edge, more secure products and services.
