If You Don’t Accept Credit Cards with a CHIP… Your Fraud Liability Protection Will DIP
The EMV Initiative and Liability Shift
By Kathy Delaney Winger*
Financial Services and Data Security Attorney
If you are a merchant that accepts credit cards or a credit card issuer, the risk to your livelihood will potentially change exponentially on October 1, 2015. Your liability could increase or it could decrease – but it will change. The good news is that you have the opportunity to control what happens.
The change that is slated to occur in the credit card industry on 10/1/15 is known as the “liability shift,” which is part of a larger initiative to convert credit cards that currently use magnetic strip technology to credit cards that use chip technology. The initiative and chip are often described as “EMV,” which stands for Europay, Mastercard and Visa. The conversion, which has been in the works for several years, affects credit card issuers and merchants who accept credit cards.
The purpose of the conversion to chip technology is to reduce the credit and debit card fraud that is so pervasive (Americans are victims of 47% of the world’s credit and debit card fraud even though they own only 24% of the world’s cards) and costly (bank account fraud cost the industry $1.74 billion in 2012). Merchants and issuers in the United States have been slow to adopt EMV chip technology despite the fact that it has been around for over twenty years. However, it has been used in Canada and Europe for a number of years due to government mandates. After implementation of the technology, most countries experienced a reduction in in-person credit card fraud. For example, the UK realized a 50% reduction in fraud after implementation.
EMV chip cards differ from magnetic strip cards in the following respects: Magnetic strip cards are encoded with the same basic information, which terminals capture and pass on for authentication and authorization. EMV chip cards differ because, for each transaction, they provide operating instructions that begin card authentication and transaction processing. The chips, which are embedded in the credit card, generate a different, single-use code for every transaction. In theory, this makes hacking of credit card information and the use of fraudulent credit cards in physical and retail locations far more difficult. The cost of implementing CHIP technology ranges from $200.00 to $400.00 per machine.
To effectively transition to EMV chip technology, credit card issuers must provide chip cards (i.e., smartcards) to their customers and merchants must acquire card readers and software capable of processing smart cards. The purpose of the 10/1/15 liability shift is to provide additional impetus for the conversion. It does so by giving a new answer to this question: As between the merchant and credit card issuer, which party is liable for costs that result from fraud? After 10/1/15, the party who has the lesser technology will bear the cost. Thus, if a customer uses a smart card with a merchant who continues to use the old system, i.e., swipe and signature, the merchant will be liable for any fraudulent transactions that occur when the card is presented for payment. Merchants are not prohibited from using the old swipe and sign technology. However, if they do so after 10/1/15, they will then bear the cost of any fraud suffered as a result of that use. (Prior to 10/1/15, they did not.) If, on the other hand, a merchant is equipped to use chip technology, but the credit card company hasn’t issued a smartcard card to the customer, the credit card company will be liable for any fraudulent transactions that occur where the card is presented for payment. If the merchant uses chip technology on a customer’s smartcard and fraud still takes place, there is no shift and the credit card company continues to bear the liability for the fraudulent transaction.
There are two important facts to remember about EMV chips and the liability shift. First, the shift does not apply to fraud that occurs when a credit card is not physically present in a transaction, e.g., an online transaction. Second, for automatic fuel dispensers and ATM’s, the liability shift will not occur until October 2017.
In light of this upcoming liability shift, if they have not already done so, credit card issuers and merchants who accept credit cards would be well advised to consider implementing a plan to convert to chip technology. Failure to do so could very well result in substantially increased liability after October 2015. Moreover, insurers may begin to consider the use or non-use of EMV technology when determining whether to provide liability coverage and/or to pay a claim for credit card fraud.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
*Kathy Delaney Winger is a banking and business attorney who represents banks, credit unions, financial services companies and businesses in commercial and corporate transactions. She has more than 15 years of experience as an attorney in the private sector practicing banking, regulatory, compliance, business, consumer and commercial lending law. Prior to entering private practice, Kathy served as in-house counsel to the credit card division of a national bank and financial services company for more than 5 years. Kathy’s experience as both in-house and outside counsel provides a unique perspective for her clients. Kathy is a partner at Munger Chadwick, P.L.C., a full service law firm in Tucson, Arizona, that operates in virtually every practice area important for businesses. You can contact Kathy at kdwinger@mungerchadwick.com.
©2015 Kathy Delaney Winger