Preparing for EMV mandate in the U.S.
EMV® (Europay®, Mastercard® and Visa®) is a global standard for the authentication of chip-based credit cards. Chip cards, also known as “smart cards,” are credit cards that have sensitive cardholder information embedded in a data chip in the card, as opposed to traditional credit cards where the data is stored in the magstripe on the back of the card.
While the two types of cards may look the same, the way that the data is accessed to process a payment transaction is very different. Traditional credit cards are swiped through a magstripe reader, or credit card terminal in order to perform a transaction. Chip cards can be swiped too, but have extra security advantages when processed via EMV chip readers instead.
That’s where the impending mandate and EMV liability shift comes into play.
The EMV mandate and shift in liability
On October 1, 2015, merchants who do not use a chip card reader to process card-present transactions when a chip card is presented, can be held liable for any fraud that occurs as a result. In other words, after the liability shift takes effect, merchants who swipe chip cards instead of using EMV chip readers do so at their own risk.
You may be thinking, “But my customers don’t use chip cards, so why should I care?” The answer is simple. A wave is coming. The credit card industry has been paving the way for EMV to become the standard in credit card processing for several years. EMV Aite Group® predicts that about 70 percent of cards in the U.S. will have EMV chips by the end of 2015.
The benefits of EMV technology
EMV technology increases card data security mainly by making it virtually impossible to create counterfeit cards, and by requiring cardholder authentication that verifies that the card belongs to the person using it.
EMV technology has dramatically reduced card fraud resulting from counterfeit, lost and stolen cards in other countries where it is employed, but the U.S. is one of the last major countries to adopt it. The UK Cards Association reports that losses at U.K. retailers has fallen by 67 percent since 2004, and lost and stolen card fraud fell by 58 percent between 2004 and 2009.
A reduction in card-present fraud in other countries doesn’t mean that fraud is no longer a lucrative activity for cyberthieves. Instead, it means that fraudsters’ strategies and their targets have shifted in response. Card not present fraud (ecommerce, and mail/telephone order) and ATM fraud have increased. And a huge wave of fraud has been directed toward the U.S. where EMV hasn’t been fully implemented.
According to EMVCo®, as of December 2013, 99.9 percent of terminals in Europe are chip-enabled, 84.7 percent of terminals in Canada, Latin America, and the Caribbean are also chip enabled.⊃3; Add in the other eighty countries that currently have, or are in the process of migrating to EMV, and the U.S.’s vulnerability becomes clear.
Next steps for EMV compliance
If you want to comply with the mandate and avoid the fraud liability after October 2015, you’ll need to implement an EMV capable card reader that can interface properly with your POS system. If your POS system is incompatible with EMV technology, and can’t be updated, you may need to upgrade your system. Because there are also interface and integration considerations adding EMV acceptance is best done in partnership with your POS provider.
Vantiv works with POS system developers, value-added resellers, and merchants to help businesses achieve EMV compliance. Contact us, or your reseller today to get started.