The long-awaited credit card liability shift happens on Thursday, Oct. 1, and for many businesses and consumers, it will be a total surprise.
Despite articles describing the coming change in who has to pay for purchases made with counterfeit cards that have been running for years, and despite announcements from the president of the United States and many banks, many are blissfully unaware.
Unfortunately, the awareness of the change will come suddenly, and probably not in a pleasant way for most.
Just so you're clear on what's happening, as of Oct. 1, 2015, merchants may become liable for charges made using counterfeit credit and debit cards. The liability will happen if the merchant has a point-of-sale (POS) terminal that can read the new EMV chips embedded in credit cards. If someone copies the data from the magnetic stripe from a chip-enabled credit card and tries to buy something from a merchant, then the merchant becomes liable for any loss.
However, if the merchant doesn't yet have a chip-enabled POS terminal, or if the counterfeit card wasn't using magnetic-stripe data from a chip-enabled card, the issuing bank remains responsible for the liability. Banks and credit card issuers are rolling out cards with EMV chips as fast as they can print them. Credit card clearing services are replacing POS terminals with chip-enabled terminals as quickly as they can.
But as you'd expect, not everything is going smoothly.
ACI Worldwide, a global payments company recently conducted a survey of 1,000 adults in the United States and found that only a third of them knew anything about EMV-enabled credit cards, and that only about 60 percent had received a card with a chip.
Merchants are likewise in the dark. While most major merchants are at least aware of the EMV liability shift, and some like Walmart have already implemented EMV POS terminals throughout their companies, most others aren't so far along.
"More than a majority have never heard of it and certainly are not ready," said Craig Hoffman, a partner at Baker Hostetler, a law firm with a large privacy and security practice. "For larger merchants, most are ready, but some have been trying but aren't ready."
Part of the problem is that the process of becoming certified to handle EMV credit cards is taking longer than anyone expected, partly because the requirements and regulations are complex. "There are 200 different certifications you need," Hoffman said. He noted that a great deal depends on third-party providers also being ready, and if they're not ready, a merchant can't be ready, and there might not be anything they can do about it.
Hoffman used a couple of charts to illustrate the complexity of the process. The first shows exactly where the liability shift matters, and despite some misinformation that's been spread around, there's really only one instance in which a merchant will be liable for the value of things purchased on counterfeit cards. That instance occurs when someone uses a card that has a magnetic stripe that's been imprinted with a stripe from a card with an EMV chip. Otherwise, the issuer remains liable for bogus cards.