This report is mostly for brick-and-mortar retailers. The forthcoming October 2015 rule changes regarding EMV-enabled charge cards are specific to card-present merchants. But ecommerce merchants should know what EMV entails, as some merchant account salespeople have attempted to apply EMV into card-not-present accounts, such as ecommerce transactions.
I am writing this because I said EMV cards in “B2B Merchants Often Overpay for Card Processing,” my November 2014 article. That generated questions and concerns from brick-and-mortar retailers about the EMV misinformation being distributed by some salespeople and processors.
Consequently, the purpose of this guide is to explain the way that approval of EMV cards and the upcoming rule changes will affect card-present retailers and the choices they will need to make before October 2015. (For a background on EMV, read “Credit Card Processing: October 2013 Rate Changes, EMV Terminals,” my post from 2013.)
You might have noticed that a large proportion of newly issued debit and credit cards in the U.S. have a microchip embedded in the plastic. While this chip is new to the U.S., cards issued in a number of other nations have experienced an embedded microchip for ages. The purpose of the microchip is to decrease the value of stolen data and the ease of running counterfeit transactions.
EMV-enabled credit cards have a microchip inserted into the plastic. Source: Visa.
EMV stands for”EuroPay, MasterCard, Visa,” which are the three companies that initially developed the criteria for processor card processing. In the credit card business EMV is identical to the principles governing acceptance of processor card transactions. These principles make chip cards and point-of-sale devices compatible around the world.
The card businesses understand that the magnetic stripe technology utilized on U.S. charge cards for the past couple of decades no longer has sufficient security. To run a fraudulent transaction, offenders need only the information found on the magnetic strip. This information can be skimmed off a single card using a simple device or it may be gotten in bulk quantities by hacking into merchant and supplier databases. This is the reason why merchant adherence to PCI DSS — Payment Card Industry Data Security Standards — is indeed important for the card companies.
Embedding a microchip on the card provides an important additional level of protection to decrease the value of stolen data. The processor enables cryptographic processing. Whereby each transaction has lively, unique authentication. This lessens the possibility of a fraudulent transaction. However, it means that U.S. merchants will need to get point-of-sale devices that can process the encoded data for this additional level of security to operate.
EMV: What U.S. Merchants Must Know
There’s a lot misinformation from some merchant account providers about EMV. Regrettably, some merchants that don’t even process EMV cards are currently buying and leasing equipment from such providers. Here’s the information merchants will need to know about EMV and the October 2015 rule changes which influence card-present merchants.
Presently, most card-present bogus card losses are the responsibility of the bank that issued the card. But on October 1, 2015 the card companies are changing the rules. As of that date, the entity responsible for the EMV information will be held fiscally accountable for specific card-present counterfeit losses. Meaning that if the bank issued a card with no microchip, it could cause any card-present fraudulent card losses. But if the card gets the microchip and the supplier didn’t process the data, then the supplier may be liable for any losses.
What merchants need to realize is that the supplier will pass such a loss on the merchant if the merchant didn’t have equipment capable of processing the EMV information.
Also, understand that chip cards will still have the magnetic stripe on the back of the card, so merchants with no EMV POS devices can still process transactions. The card companies aren’t forcing merchants to invest in POS devices that can process an EMV transaction. However, they’re using a pretty major stick via the fraud reduction rule changes to encourage merchants to purchase POS devices that can process EMV transactions.
Accept Financial Responsibility, or Not?
Therefore, every card-present merchant should make a choice: Does it need to undertake the responsibility for fake card losses or does it need to invest in equipment that may process EMV transactions? Firms must make this decision well before the October 2015 deadline, to ensure they could get the needed equipment if needed.
But, there are more choices each merchant will have to make if it invest in the EMV gear. Merchants will need to decide if they would like to integrate NFC (near field communication) or Apple Pay and other similar programs that enable the client to put the card or mobile phone near a receiving apparatus to acquire the chip card info, versus inserting the card at the POS device. Merchants also must see that some card issuers may require cardholders to key-in a PIN number with the processor card transaction and some issuers may only need the signature. This means that a merchant might have to invest in an EMV PIN pad because of the positioning of the POS device so the client has some privacy when inserting her PIN number.