Beginning on October 1, 2015, major credit card companies will change they way they assign liability as they require point of sale merchants to conform to new technical standards. Many credit card holders will have already received one of these new cards containing an embedded chip in anticipation of this shift in liability. Let’s dig a little deeper into the technical aspects of these new compliance standards and what they mean for businesses.
What is the EMV compliance liability shift?
Beginning in 2012, EMVCo, a consortium of major credit card companies that handles credit card compliance standards, began planning the implementation of chip card standards. Already in place across much of Europe, Asia, and South America, these standards rely on credit cards containing a computer chip that is read by merchant kiosks as opposed to a traditional swipeable strip. Cards with a computer chip are far more difficult to fraudulently clone, and this is particularly welcome news as almost half of worldwide credit card fraud takes place in the US. These new credit cards come in two forms: chip-and-PIN and chip-and-signature. The chip-and-PIN cards will require a four or six digit PIN to be entered while the chip card is inserted into the point of sale terminal. Chip-and-signature cards will require only a matching signature while the card is inserted. Most credit card companies and banks in the US have issued, or will be issuing, cards of the chip-and-signature variety. While these are slightly less secure than chip-and-PIN cards, credit card companies were reportedly concerned that entering a PIN with each transaction would lead consumers to avoid credit card transactions all together. Whichever type is used, EMV compliance standards should mean transactions are far safer for the average consumer.
As liability rules currently stand, the card issuer is liable for fraudulent transactions made with a particular credit card. However, following the October 1 liability shift, if a merchant’s point of sale terminal is not compliant with these new EMV compliance standards, then the merchant will be held liable for the fraudulent transaction. This shift in liability represents a key reason for businesses to check their equipment and systems are up-to-date. Not doing so could potentially lead to significant costs if any fraud were to take place.
What it means for businesses
While this does not necessarily signal a drastic change in the way a merchant does business, it could represent a significant investment in terms of new card readers and training for retail employees. Retail locations are still able to process transactions at terminals that have not been updated to meet EMV compliance standards after October 1st, but doing so puts them at risk to be liable for fraudulent charges. All merchants should do their due diligence to find out if they’re ready for the liability shift. In particular, small businesses that don’t have batch processing in place should check with their point of sale provider and confirm whether they need new terminals and whether the software systems they have in place are capable of handling the switch. Should consumers not have been provided with a chip-and-PIN or chip-and-signature card by October 1, the liability will remain with the issuing bank or credit card company.
The EMV compliance liability shift also affects processors of online transactions. While specifically targeted at in-store transactions, online merchants are similarly looking to take on additional protections provided by EMV to avoid fraud. These options can include additional security questions built into e-commerce sites, providing online shoppers with a temporary PIN while they complete their transaction, and updating software systems to add these capabilities and provide additional data security. If businesses are unsure as to how their e-commerce solutions can be enhanced, a software development company should be able to provide guidance as to how best enhance security for themselves and their customers.
The shift in liability for EMV compliance likely doesn’t mean drastic operational changes are necessary for the majority; however, it certainly has major repercussions should merchants and retailers not be up-to-date with their compliance and equipment. Business owners and decision makers should ensure they are positioned to conform to EMV standards for any point of sale equipment they use and check that any software systems utilized are likewise able to handle the additional data and security protections.
Do you have any thoughts on EMV compliance standards and how businesses can get ready for them? Let us know in the comments below.
If you would like to learn more about the EMV compliance liability shift or have any questions about how custom software development can help with conforming to data security standards, don’t hesitate to contact us today to speak with an software expert.