Without Chip, Fraud Liability Protection Will Dip
If you are a merchant that accepts credit cards or a credit card issuer, the risk to your livelihood will potentially change exponentially on October 1, 2015. Your liability could increase or it could decrease – but it will change.
The good news is that you have the opportunity to control what happens.
The change that is slated to occur in the credit card industry on Oct. 1, 2015 is known as the liability shift, which is part of a larger initiative to convert credit cards that currently use magnetic strip technology to credit cards that use chip technology. The initiative and chip are often described as EMV, which stands for Europay, Mastercard and Visa. The conversion, which has been in the works for several years, affects credit card issuers and merchants who accept credit cards.
The purpose of the conversion to chip technology is to reduce the credit and debit card fraud that is so pervasive (Americans are victims of 47% of the world’s credit and debit card fraud even though they own only 24% of the world’s cards) and costly (bank account fraud cost the industry $1.74 billion in 2012). Merchants and issuers in the United States have been slow to adopt EMV chip technology despite the fact that it has been around for more than 20 years. However, it has been used in Canada and Europe for a number of years due to government mandates. After implementation of the technology, most countries experienced a reduction in in-person credit card fraud. For example, the United Kingdom realized a 50% reduction in fraud after implementation.
EMV chip cards differ from magnetic strip cards in the following respects: Magnetic strip cards are encoded with the same basic information, which terminals capture and pass on for authentication and authorization. EMV chip cards differ because, for each transaction, they provide operating instructions that begin card authentication and transaction processing. The chips, which are embedded in the credit card, generate a different, single-use code for every transaction. In theory, this makes hacking of credit card information and the use of fraudulent credit cards in physical and retail locations far more difficult. The cost of implementing chip technology ranges from $200 to $400 per machine.
To effectively transition to EMV chip technology, credit card issuers must provide chip cards (i.e., smartcards) to their customers and merchants must acquire card readers and software capable of processing smart cards. The purpose of the Oct. 1 liability shift is to provide additional impetus for the conversion. It does so by giving a new answer to this question: Between the merchant and credit card issuer, which party is liable for costs that result from fraud?
After Oct. 1, the party who has the lesser technology will bear the cost. Thus, if a customer uses a smart card with a merchant who continues to use the old system, i.e., swipe and signature, the merchant will be liable for any fraudulent transactions that occur when the card is presented for payment. Merchants are not prohibited from using the old swipe and sign technology. However, if they do so after Oct. 1, they will then bear the cost of any fraud suffered as a result of that use (prior to Oct. 1, they did not). If, on the other hand, a merchant is equipped to use chip technology, but the credit card company hasn’t issued a smart card to the customer, the credit card company will be liable for any fraudulent transactions that occur where the card is presented for payment. If the merchant uses chip technology on a customer’s smart card and fraud still takes place, there is no shift and the credit card company continues to bear the liability for the fraudulent transaction.
There are two important facts to remember about EMV chips and the liability shift. First, the shift does not apply to fraud that occurs when a credit card is not physically present in a transaction, e.g., an online transaction. Second, for automatic fuel dispensers and ATMs, the liability shift will not occur until October 2017.
In light of this upcoming liability shift, if they have not already done so, credit card issuers and merchants who accept credit cards would be well advised to consider implementing a plan to convert to chip technology. Failure to do so could very well result in substantially increased liability after October 2015. Moreover, insurers may begin to consider the use or non-use of EMV technology when determining whether to provide liability coverage and/or to pay a claim for credit card fraud.
Kathy Delaney Winger is a financial services and data security attorney who represents banks, credit unions, financial services companies and businesses in commercial and corporate transactions. She can be reached at email@example.com or 520-721-1900, ext. 221.