EMV Compliance: Are You Ready for the October 1 Deadline?

Many U.S. merchants and banks still use payment cards with magnetic strip technology that’s more than 50 years old. On October 1, 2015, a liability shift goes into effect that may entice businesses to adopt modern “chip” technologies and reduce the risk of counterfeit card fraud. Here’s critical information that merchants and consumers should know about the liability shift as they conduct business using payment cards in the near future.

Can you imagine using a computer from the 1960s to run your business? Of course you can’t. But many U.S. merchants and banks still use payment cards with magnetic strip technology that’s more than 50 years old. On October 1, a liability shift goes into effect that may entice businesses to adopt modern “chip” technologies to more effectively combat fraud from counterfeit cards. Here’s critical information that merchants and consumers should know about the liability shift going forward.

Dip or Swipe? The Lowdown on Chip Cards for Consumers

Although consumers aren’t directly affected by the upcoming liability shift, they’ll benefit from more secure credit and debit cards. Many people have already started to receive new EMV-compliant cards, which are easily identified by a small metallic square on the front. But they’re often uncertain how chip cards will affect their shopping experiences. Here’s the lowdown:

  1. Chip card payments take longer to process than magnetic strip card payments. Instead of swiping the metallic strip, chip cards are dipped into the card reader for about 10 seconds, giving the card’s chip and the merchant’s terminal time to communicate. Most shoppers will hardly notice the difference; it’s similar to paying in cash and waiting to receive change.
  2. U.S. chip cards will continue to be equipped with backup magnetic strips, at least for now. These may be used if the merchant’s card reader isn’t chip-enabled or the chip reader (or card) malfunctions.
  3. U.S. consumers typically won’t need to worry about memorizing additional personal identification numbers (PINs). Most U.S. chip cards will continue to require signatures, unless the card previously required a PIN.
  4. Traditional magnetic strip debit cards that formerly called for the use of PINs are likely to be replaced with the chip-and-PIN cards that are common overseas. However, some less sophisticated EMV-compliant card readers won’t initially be equipped to accept PINs, just signatures. To accommodate the transition period, U.S. chip-and-PIN cards will typically allow a signature in lieu of a PIN.
  5. It’s common for foreign merchants and automated payment kiosks to deny U.S. magnetic payment cards as an acceptable form of payment. But don’t assume that your new chip cards will be accepted overseas either, especially if the card doesn’t have a PIN. Before you travel internationally, contact your credit card company to determine whether you’ll need a different card, a PIN or an alternative method of payment where you’re traveling.

Pros and Cons of EMV Compliance

The U.S. Small Business Administration (SBA) estimates that payment card fraud will cost U.S. businesses about $10 billion in 2015. Card issuers in Canada and several European, Asian and Latin American countries have already seen payment card fraud rates drop significantly after they switched from magnetic cards to chip cards, also known as EuroPay, MasterCard and Visa (EMV) cards.

How do chip cards help fight payment card fraud? Like old-fashioned music cassette tapes, magnetic credit and debit cards store static information, making them easy targets for hackers. If a thief steals data from a magnetic credit card, he or she can copy the unchanging data onto a cloned card and use it to make purchases or withdraw cash.

Conversely, a chip card contains a tiny metallic square that’s actually a mini-computer. Chip cards generate a unique encrypted code for each transaction, so they’re more secure than magnetic cards when read by an EMV-compliant processing device.

To enhance security, major U.S. card companies have finally mandated a liability shift for certain payment card transactions, effective on October 1, 2015. The ultimate goal is to make the United States EMV-compliant and reduce payment card fraud rates — but that may be a long and confusing process. The SBA estimates that about 40% of U.S. payment cards will contain EMV chips by the end of 2015, up from 3% at the start of the year.

The downside of EMV compliance is cost. Chip cards are more expensive for banks to manufacture than magnetic strip cards. To ensure timely EMV compliance, banks must reissue thousands of chip cards, often before their expiration dates. Financial institutions also may need to upgrade their ATMs. In addition, merchants must upgrade to EMV-compliant equipment and processing systems to accept in-store card payments that are protected with EMV technology. These costs will be offset by a reduction in payment card fraud, however.

Myths and Misconceptions

There have been lots of rumors about EMV compliance in the business community. Just to clarify, merchants that haven’t upgraded their equipment and processing systems to the minimum EMV requirements won’t be arrested or shut down on October 1. There’s no federal law mandating that card issuers, merchants or consumers upgrade to EMV-compliant cards or equipment.

Instead, major U.S. card companies — including Visa, MasterCard, Discover and American Express — have voluntarily imposed a liability shift for counterfeit “card present” transactions that goes into effect for most merchants on October 1, 2015. Gas stations with automated fuel dispensers have until October 1, 2017, before their liability on counterfeit cards is shifted.

In the past, card issuers — including banks, credit unions and other financial institutions that issue debit or credit cards — generally accepted all liability for counterfeit payment card transactions. But on October 1, 2015, the liability for counterfeit in-store payment card transactions generally shifts to the party (either the issuer or merchant) that doesn’t support EMV.

In other words, if a merchant accepts an in-store payment with a chip card and processes the transaction using a magnetic-only card reader, the merchant will be responsible for replacing the funds from fraud losses, not the card issuer. Most new cards will be enabled with both chip and magnetic strip technology to facilitate the transition phase.

The liability shift doesn’t change the liability for online purchases, in-store transactions conducted using lost or stolen cards, or in-store transactions conducted using cards that only offer magnetic strips. Payment card issuers will continue to be liable for payment fraud that occurs with these types of transactions.

Payments on Mobile Devices

The liability shift is part of an ongoing effort to reduce payment card fraud. The next generation of payments is expected to be even faster and more secure than EMV cards. Instead of pulling a payment card out of their purse or wallet, consumers of the future will likely pay with contactless near field communication (NFC) mobile wallets. This technology simply requires a tap of the buyer’s smart phone or watch. As an added bonus, mobile payment devices may be protected with biometric data, such as thumbprints, to protect against lost or stolen cards.

Proactive merchants may decide to upgrade their equipment and internal processing systems to allow all three types of payments: magnetic strip cards, chip cards and mobile NFC devices. Doing so is likely to minimize the long-term cost and hassle of upgrading card readers, as well as providing optimal flexibility and fraud protection when processing transactions for years to come.