An Early Look At Post-EMV Readiness


by Axis Payments

Europay, Mastercard and Visa (EMV) is a global standard for credit and debit cards. In the United States, liability shifts related to the cards went into effect October 1, 2015. However, many experts in the industry say that the migration to EMV use has been slower to occur in the United States and that many have not yet made the switch.

What is EMV?

EMV-equipped cards have a small, embedded computer chip that creates a unique transaction code that cannot be used again. Currently, the magnetic stripe on credit cards contains identifying data that remains the same each time the card is used allowing criminals to copy the magnetic stripe and use it to replicate the data since it does not change. If a criminal does get information from the computer chip, duplicating the information will not work because the transaction number is not able usable again and the transaction is denied.

Transition to EMV

According to a 2015 Debit Issuer Survey, 90 percent of financial institutions in the country have begun issuing EMV-equipped cards. However, only 25 percent of debit cards in the country will be equipped with EMV by the end of 2015. In addition, although larger retailers like Wal-Mart and Target are upgrading terminals to accept EMV cards, smaller merchants are slower to upgrade technology. The Strawhecker Group found that only 27 percent of merchants were ready as of October 1, 2015, although the number is expected to rise to 44 percent by the end of 2015.

Liability Shift

One of the biggest changes with the implementation of EMV-equipped cards is the shift in who is liable if fraud occurs. Currently, if someone uses a credit or debit card fraudulently, the payment processor or credit card issuer are liable for any losses that arise. After October 1, 2015, the liability shifts to whichever party has the least compliance with EMV. For example, if a merchant has not upgraded their equipment to EMV-compliant technology and a card is used fraudulently, the merchant will be responsible for the loss. Any merchant or payment processor who is not EMV ready could face significant costs should there be a data breach. However, automatic fuel dispensers have until 2017 to implement the new technology, so they are currently exempt from the new liability issues as are merchants who accept online payments where credit cards do not have to be swiped.

Shifting to EMV technology in the United States has begun, but not all merchants or card processors had updated their equipment as of October 1. This could mean significant expense for non-compliant companies should a data breach occur that leads to fraudulent use of credit cards.

 Copyright 2015 Axis Payments