EMV is Here and
You’re Not Ready.
If you are not ready for EMV cards, you aren’t alone - it is expected that the US EMV rollout will be gradual and continual. October 1st is really the starting point for EMV in the US, not the end point - it will be an ongoing process.
Can I still accept all credit cards after October 1st?
Yes! You can process all cards just as you do today. All EMV chip cards will still have a magnetic stripe and can be swiped or keyed in manually. In the short term, if you are not EMV-ready and a customer presents an EMV chip credit card, you should simply ask for a second form of verification before running the transaction.
What am I liable for?
The liability shift is only applicable in card-present transactions when a new EMV chip card is being used, and only if that specific transaction is found to be fraudulent (i.e. chargeback). Under that scenario, a merchant not equipped for EMV could be liable for the value of the transaction.1
What is my risk? What does liability cost me?
Liability risk varies widely by industry and is difficult to estimate for a specific merchant. However, based on available industry information, the liability shift will result in a typical merchant assuming an average of 0.02 bps of additional fraud liability. This is equivalent to $4 per month for a business processing $250,000 in annual credit card sales2.
Is EMV a law?
EMV is not a law, nor is it a government mandate. However, after the flurry of recent high profile data breaches, the industry has agreed to the liability shift October 1, 2015.
How does EMV affect E-Commerce, Recurring and MOTO transactions?
In short, it doesn’t. EMV only applies to in-person card-present transactions utilizing a chip-enabled card. Transactions will process as usual for ecommerce merchants as well as MOTO (mail order telephone order). There is no change to how card-not-present transactions are processed or in merchant liability.
When should I upgrade my systems for EMV?
It is important that you to evaluate your current chargeback liability and consider your typical customers to determine a strategy for your business in preparing for EMV readiness. This strategy should take into account your current chargeback risk to determine your expected EMV card fraud liability. If you are not EMV-ready and a customer presents an EMV chip credit card, you should simply ask for a second form of verification before running the transaction.
Is everyone else ready for EMV?
Not really. The overall payments market is falling behind the initial EMV chip penetration projections. Only 4% of the point of sale systems have been EMV-enabled so far. Approximately 7% of the nation’s ATMs can read EMV chip cards. As of July, only 18% of all Visa-branded credit, debit and prepaid cards in the US contained an EMV chip3. This means that currently, for the vast majority of credit and debit cards, you have no counterfeit liability whether you are EMV-enabled or not.
1 The liability shift applies to both counterfeit and stolen cards. In the case of a counterfeit card, the merchant avoids liability by having an EMV-ready terminal. In the case of stolen cards, the merchant must have an EMV-ready PIN accepting device to validate the user. If the issuer does not prompt for a PIN on a stolen card, the issuer assumes liability. If merchants are not EMV ready, and are a victim of a data breach, the card brands can also levy fines or penalties for deeming their system unsecure.
2 Source: Comparison of internal counterfeit fraud data and counterfeit fraud data provided by Visa across certain OpenEdge verticals. This is a portfolio average – your actual risk could vary significantly based on multiple factors.
3 Source: Data provided by Visa to Digital Transaction News, September, 2015.