eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
The long-awaited credit card liability shift happens on Thursday, Oct. 1, and for many businesses and consumers, it will be a total surprise.
Despite articles describing the coming change in who has to pay for purchases made with counterfeit cards that have been running for years, and despite announcements from the president of the United States and many banks, many are blissfully unaware.
Unfortunately, the awareness of the change will come suddenly, and probably not in a pleasant way for most.
Just so you’re clear on what’s happening, as of Oct. 1, 2015, merchants may become liable for charges made using counterfeit credit and debit cards. The liability will happen if the merchant has a point-of-sale (POS) terminal that can read the new EMV chips embedded in credit cards. If someone copies the data from the magnetic stripe from a chip-enabled credit card and tries to buy something from a merchant, then the merchant becomes liable for any loss.
However, if the merchant doesn’t yet have a chip-enabled POS terminal, or if the counterfeit card wasn’t using magnetic-stripe data from a chip-enabled card, the issuing bank remains responsible for the liability. Banks and credit card issuers are rolling out cards with EMV chips as fast as they can print them. Credit card clearing services are replacing POS terminals with chip-enabled terminals as quickly as they can.
But as you’d expect, not everything is going smoothly.
ACI Worldwide, a global payments company recently conducted a survey of 1,000 adults in the United States and found that only a third of them knew anything about EMV-enabled credit cards, and that only about 60 percent had received a card with a chip.
Merchants are likewise in the dark. While most major merchants are at least aware of the EMV liability shift, and some like Walmart have already implemented EMV POS terminals throughout their companies, most others aren’t so far along.
“More than a majority have never heard of it and certainly are not ready,” said Craig Hoffman, a partner at Baker Hostetler, a law firm with a large privacy and security practice. “For larger merchants, most are ready, but some have been trying but aren’t ready.”
Part of the problem is that the process of becoming certified to handle EMV credit cards is taking longer than anyone expected, partly because the requirements and regulations are complex. “There are 200 different certifications you need,” Hoffman said. He noted that a great deal depends on third-party providers also being ready, and if they’re not ready, a merchant can’t be ready, and there might not be anything they can do about it.
Hoffman used a couple of charts to illustrate the complexity of the process. The first shows exactly where the liability shift matters, and despite some misinformation that’s been spread around, there’s really only one instance in which a merchant will be liable for the value of things purchased on counterfeit cards. That instance occurs when someone uses a card that has a magnetic stripe that’s been imprinted with a stripe from a card with an EMV chip. Otherwise, the issuer remains liable for bogus cards.
EMV Switch This Week Could Threaten Many Businesses in U.S.
Exactly how this works is best shown in a flowchart that Hoffman uses to make the liability shift clear. The problem, unfortunately, is that the merchant may be liable for transactions involving counterfeit cards even if they’ve done everything right, but when one of the third-parties in the chain drops the ball.
Hoffman said that the companies with the biggest risk are those that sell what could best be called cash equivalents using credit cards. A good example might be the gift cards grocery stores sell. Those gift cards can be converted immediately into cash, and even if the fraud is uncovered later, the criminal gets away with it. He said that another example are stores, such as electronics retailers, that sell products that are easily resold.
The problem, unfortunately, isn’t likely to be fixed in time for the Oct. 1 deadline. “The EMV certification process is taking longer than anticipated,” said Michael Grillo, director of solution marketing for ACI Worldwide. “By the end of the year, maybe 30 percent of large merchants will be EMV-certified.”
Grillo said that the process worked much the same way in other countries where EMV chips were introduced, but he said a big difference is in the awareness on the part of card users. Grillo also said that consumers outside the United States were much more aware of what EMV cards were and how they worked. “But there was a lot more emphasis on awareness at the consumer level.”
Part of the problem is that there has been no major consumer education effort. As a result, nobody has a good idea of how to use the new cards and what they’re expected to accomplish.
Hoffman said that he can see circumstances in which some businesses may have to fold because of losses related to the liability shift. He suggested that owners of those stores—especially stores that sell things like gift cards or lottery tickets, as is the case with some convenience stores—find ways to contain their losses, even if it means limiting sales of easily negotiated things.
Hoffman suggested that merchants with credit card processors that aren’t able to support the security and certification required for EMV think about finding another processor. He also recommended that if the merchant is locked into a contract, it might be a good time to seek legal advice.