As we previously discussed, EMV technology is coming to the United States. In cased you missed it, you can read our Intro to EMV here. There are quite a few incentives that the card brands are hoping will be enough for everyone to adopt the technology as soon as possible. We will discuss some of these incentives below.
Security for All
Currently, the obvious reason to update your terminals to be EMV capable is to better protect everyone who makes payments in person with their cards. As more and more merchants begin to utilize these EMV terminals, the amount of card present fraud drastically decreases. The reason this is possible is because the EMV chip technology makes it incredibly difficult to manufacture counterfeit cards. A card thief would need to find a way to break the EMV security, as well as have the means to manufacture a card with a chip on it; an expensive endeavor that is often not worth their time or money.
It is important to remember that EMV is not the answer to everything and will not stop all fraud. In fact, using EMV as part of a Point to Point Encryption system is the most secure way to use the technology. Furthermore, as EMV adoption grows, fraud will move to other channels such as online transactions which are commonly referred to as Card Not Present.
It can make a significant impact though, in the UK where this technology is already adopted a study by Financial Fraud Action UK reported that fraud on cards has gone down nearly 50%, an amount of nearly £260 million!
The Liability Shift
One of the reasons to adopt the EMV technology is that Visa and Mastercard are introducing a “liability shift” in October of 2015. This liability shift means that if a chip enabled card is presented to you and you do not have a machine that is chip capable, your organization can be held liable for any fraud losses that occur. On the other side, if you have a chip enabled terminal and someone pays without an EMV chip card, the liability can stick with the bank that issued the card. Through this liability shift, the card brands are hoping it will encourage merchants to put down the cash for a new terminal, as in the long run it will likely cost less than all of the fees for fraud losses that may stack up over time.
A final reason to adopt EMV, and one that many organizations are quite excited about, are new programs from Visa and Mastercard regarding EMV and PCI Compliance. Visa is launching a new program titled the Technology Innovation Program (TIP) to the U.S. The TIP program waives an annual PCI-DSS audit if 75%of the merchant’s Visa transactions are processed through a dual contactless and contact EMV certified device. MasterCard is also introducing their PCI-DSS Compliance Validation Exemption Program to the U.S. which functions in the same way. More information can be found on Visa’s TIP program here.
As time moves on, upgrading your terminals for your card present transactions will be critical to making sure you are in the best position possible once the liability shift happens in October 2015. It is never too early to start planning, so now is a great time to take a look at your organization and ask a few questions. Do you have terminals? How many? Do your current terminals accept chip cards and contactless payments?
Asking these questions will help you to be sure whether or not you will need to upgrade to protect yourself and your cardholders. It will also help you to estimate what upgrading may cost for your organization, and it can be expensive. Just be thankful you are not in Target’s shoes. They are spending over 100 million dollars to upgrade their terminals in advance of the liability shift due to their recent compromise.
Let us know in the comments below what you think about EMV, or if you plan to upgrade your terminal before the liability shift in October 2015.
If you have other questions or topics about EMV or PCI security that you would like to see covered on our blog, let us know! You can email us at email@example.com to share your thoughts or questions which we may then address here on our blog!