It’s been almost 18 months since the EMV (Europay, MasterCard, Visa) liability shift occurred in the United States. As a result, merchants who chose not to adopt EMV technology are now responsible for in-store counterfeit card fraud involving EMV cards. Any cases of fraud that happen at EMV-compliant businesses are the responsibility of acquiring banks as they were before.
Merchants who did not adopt EMV technology didn’t face any legal backlash because the liability shift was more of a starting point that indicated when responsibility would change rather than an actual iron-clad deadline. But those who didn’t adjust to the new standards have increased the chances of their customers’ card information being stolen and the possibility that they will be liable for chargebacks.
While the liability shift only counted for brick-and-mortar stores instead of online businesses, it undoubtedly affects both merchants and consumers.
Some major retailers were already aware of this. Target announced in February 2014 that it would become compliant before the liability shift occurred. No doubt, Target’s decision had something to do with the massive data breach that took place in November 2013 and impacted approximately 70 million consumers. But many small businesses didn’t even know what the liability shift was until after the fact.
An Interesting Start
Many retailers were not prepared for the EMV liability shift. They didn’t face any legal consequences by failing to become EMV-compliant by October 1, but they still had to deal with the aftermath of such a significant change in the industry. Consequently, it’s taken a while for some merchants to make the upgrade. Some still haven’t.
According to a February 2016 survey conducted by The Strawhecker Group (TSG), a business management consulting company based in Omaha, Nebraska, only 37 percent of merchants who participated in the study were compliant. Their ignorance about the liability shift may have been one contributing factor. It’s likely that the holiday season also played a role.
“‘It appeared that some merchants delayed EMV migration completely until the holiday season ended to prevent friction and confusion at the checkout line,'” said Jared Drieling, business intelligence manager at TSG. The concern that merchants had about consumer reactions to the new EMV terminals seemed to outweigh the concern over becoming liable for any counterfeit card fraud that occurred during the chaotic shopping months that lead up to the holidays.
Despite this rocky introduction, EMV is, in fact, helping decrease the number of counterfeit card fraud cases in the United States. In September 2016, MasterCard released new statistics regarding the number of consumers who now possess EMV cards. “Nine-in-10 Americans commonly use chip cards, a 38 percentage point increase year-over-year, from 49 percent in 2015 to 87 percent in 2016,” according to MasterCard’s report.
Visa has similar statistics of their own, as December 2016 data shows that there are 408.1 million Visa chip cards—both credit and debt—in the country. Furthermore, Visa reveals that almost 1.81 million “merchants are now accepting chip cards,” which is a 135 percent increase from the year before.
Since an increasing number of consumers, as well as business owners, are utilizing EMV technology, merchants who haven’t jumped on the EMV train yet should start considering it. In the same report discussed above, MasterCard found that there has been “a 54 percent decrease in counterfeit fraud costs at U.S. retailers who have completed or are close to completing EMV adoption, when comparing April 2016 to April 2015,” showing that embracing this technology benefits consumers and merchants.
From Retail to ATMs
So the October 2015 EMV liability shift is over with, but there are other EMV deadlines that merchants should keep in mind. In fact, the second deadline occurred exactly one year after the first: October 1, 2016.
This time it pertained to ATMs, in particular transactions that involve MasterCard credit and debit cards. The deadline for Visa credit and debit cards won’t kick in for another year.
Like the liability shift that took place in 2015, any institutions with ATMs will become responsible for fraudulent occurrences involving EMV cards and non EMV-compliant ATMs. This means that ATMs at banks or colleges, for instance, will have to be updated. But again, this compliance isn’t required by law.
And Fuel Follows
October seems to be the month of liability shifts.
October 2017 brings a liability shift concerning fuel dispensers. Rather than swiping their credit cards or debit cards at the gas pump, consumers will be able to use the tiny chip at gas stations that are EMV-compliant. However, it’s important to note that Visa recently announced it would postpone the deadline until October 2020 in order to make sure that the migration to this technology will run smoother than it has in the past.
It will be interesting to see if all consumers are using EMV cards and if most retailers and ATMs are compliant as well. Unlike the first liability shift, gas station owners will be aware of the upcoming changes, especially because there’s been so much coverage of the October 2015 regulations and its effects on both merchants and consumers alike.