Most debit and credit cards within the U.S., and the purpose of purchase terminals and ATMs that read them, still use “magnetic stripe” technology. Magnetic stripes are obsolete and comparatively insecure, allowing fraudulent practices for example “skimming” (obtaining cardholder and account data by “reading” the strip, after which making fraudulent transactions or counterfeit cards). Magnetic stripe-based technology also doesn’t support secure data transmission through contact or near-field contactless interfaces, which is viewed as impeding the emergence of fully mobile cardless payment modes within the U.S.
Outdoors the U.S., the storyline differs. In Asia, Europe, and today in Canada, the payment industry technical standard is “EMV,” which utilizes a “smart” microchip baked into the credit card, and acceptance devices made to offer the nick-based standard. Even though the U.S. may be the largest user of payment cards on the planet, it’s been nearly the final country to consider and implement EMV in payment card transactions.
Since the EMV standard (produced by three major global charge card issuers – Europay, MasterCard, Visa – particularly to combat fraud) is inherently safer, the U.S. has become the “weak link.” Experts predict charge card fraud “migration” towards the U.S. Statistics bear this out. Based on a current Accenture study, in countries (like the U.K.) where EMV continues to be implemented, minute rates are declining, whilst in the U.S., they still rise. Area of the EMV business situation is the fact that nick-based payment technology enables “dual-interface” mixtures of cards and contactless mobile payment. The necessity to switch the old magnetic-based point-of- purchase acceptance devices to be able to implement EMV also presents an chance to allow contactless and mobile-ready technology in the POS.
The believed nationwide costs of converting to nick-based cards and POS acceptance products are about $8 billion. That’s been the main obstacle to implementation of EMV within the U.S. But major charge card issuers, facing mounting fraud losses, are forcing processing banks and retailers to apply the switchover.
The initial step for the reason that forcing process happened in 2013. By April 2013, all major U.S. charge card associations, Visa, MasterCard, Uncover and American Express, require “acquirers” (banks that hire retailers to simply accept or acquire charge card payments from card-issuing banks), providers, and sub-processors to achieve the capacity to process any EMV POS transaction, both contact and contactless. These entities must stick to payment network rules and finish approvals, to be able to begin processing and passing additional authorization data for EMV transactions.
October 1, 2015 Liability Shift
The next thing is a lot more significant, and it is now here. It directly affects any merchant who accepts debit or credit cards. Beginning today, on March. 1, 2015, MasterCard and Visa will shift liability for fraudulent counterfeit card transactions towards the “non-EMV compliant” party. Which means that, if your fraudulent transaction is created on the counterfeit card, and also the merchant doesn’t have EMV-compliant POS terminals, the merchant is going to be liable. When the merchant comes with an EMV-compliant terminal, and also the bank that issued the credit card issued a magnetic stripe card with no EMV nick, then your issuing bank is going to be liable.
Although most cards issued previously few years within the U.S. are actually chipped, based on most industry observers, a lot of America’s companies, particularly small companies, are not prepared for the shift to EMV, at the purpose of purchase. Reasons include too little awareness, along with a complex technical validation and certification procedure that is backlogged, and taking more than expected.
There’s a good quantity of fear and confusion concerning the March. 1 “liability shift.” Practically speaking, the conditions to which a merchant is going to be responsible for a dishonest transaction are fairly limited. First, the credit card should be a specific kind of counterfeit: a phony magnetic strip type card, with tracking data copied to the strip from the genuine nick card. Second, the merchant’s POS terminal device should be not capable of studying a message nick. That’s the only situation a merchant could be liable if this has been doing no problem apart from not getting the best kind of terminal equipment. However, if your counterfeit card includes a nick, and also the merchant doesn’t have a terminal able to studying the nick, but authorizes the transaction anyway, it will likely be responsible for that poor decision. In many other counterfeit card situations, the issuer remains liable. In addition, the “liability shift” applies simply to “card present” kinds of transactions, in which a customer presents a card at the purpose of purchase. Actually, many observers think this can drive fraud to “card not present” exchanges, i.e. online transactions. Still, the danger is real, as well as for certain kinds of retailers (ones who depend heavily on face-to-face card transactions), might be significant.
Steps to think about
While hardware upgrades could be costly, and complex in large organizations, the liability shift can make conversion to EMV-ready POS devices inevitable. Hospitality industry companies could be strongly advised to:
- Begin applying EMV now, should you haven’t already commenced
- Make sure that your processing and POS equipment providers meet relevant EMV security and certification needs and when not, review contracts to find out whether they can be ended in support of an EMV-ready vendor
- While upgrading to EMV, plan in advance, and think about deploying a built-in solution which will support some type of contactless mobile payment
- Use banks that handle your merchant services as well as their POS device providers to discover when and how they’re applying EMV
- Once EMV-ready terminals and related software are deployed, train front-office personnel about how “chip and pin” or “chip and sign” transactions work, and back-office also it personnel on configuration and validation needs essential to integrate EMV with legacy systems and work flows.
Bigger organizations face a far more complex CIO-level technology procurement and payments systems challenge, but there’s an abundance of consultants and vendors centered on EMV implementation. Small or large, the modification to EMV has already been well going ahead.