Q: I have not done anything to prepare for EMV chip-and-PIN card acceptance. What happens if I am not ready by the deadline? Is this just like PCI compliance where I am only penalized if there is a data breach?
Michael Dattoma: The clock continues to tick, and the October 1 liability shift, where merchants will be 100 percent responsible for credit card fraud if they do NOT have the ability to accept EMV chip-and-PIN cards, is upon us. As you suggested, I think many retailers inaccurately think this is about PCI compliance when it is not. Sure it helps increase security, but this is all about money, about who pays for fraud. The liability shift places the fraud firmly on the shoulders of retailers that are unable to accept EMV chip-and-PIN cards as of October 1, 2015. PCI compliance only hits you financially if there is a data breach; this liability shift hits you immediately for any fraud after October 1, 2015.
Just so it is clear, if you are not EMV chip-and-PIN ready you will be liable for any fraud. If there is a fraudulent sale on a stolen card for $1,000, you will now own that fraud, not the credit card banks, if you do not have EMV chip-and-PIN readers. If you do have the readers, the banks will still assume the fraud liability. So the obvious conclusion is to make sure you can accept chip-and-PIN cards by October 1.
I first wrote on this upcoming liability shift way back in October 2013 and now we are only two months away to the most impactful shift in fraud liability the credit card industry has ever seen.
If you have not yet addressed this issue, if you have not made plans to get the proper software/hardware so you can accept EMV chip-and-PIN cards, the time to act is now. It may be a combination of responsibilities between your POS provider and your credit card processor that will be required to get this done. You will need a hardware device, typically a terminal that has the ability to accept EMV chip-and-PIN, mag swipe cards and have an NFC reader for Apple Pay. If you are going to make hardware changes to accept EMV chip-and-PIN you certainly want to have the ability to accept mobile payments such as Apple Pay, Google Wallet and Samsung Pay. The terminal will be integrated with your POS software in most cases.
The U.S. has been the laggard with EMV chip-and-PIN. The U.S. is responsible for over 50 percent of global credit card fraud so it is time for EMV to hit our shores in a big way as it has across Europe and Latin America. When countries implement EMV chip-and-PIN they see dramatic drops on in-store credit card fraud: 70 to 90 percent reductions in some countries.
As we move into August, typically a slower time for most retailers, now is the perfect time to get your store’s EMV chip-and-PIN set up.
If you would like more information on getting your stores EMV chip-and-PIN ready for the October 1 liability, you can contact Michael at Michael@retailmerchantservices.com