Although EMV technology is more than 20 years old, the U.S. has only recently joined the rest of the world in adopting chip-enabled credit cards as its official payment standard. New rules that went into effect in October 2015 now shift fraud liability onto those who aren’t EMV-ready.
Note, however, that this liability shift isn't a mandate.
Consumers can still use magnetic stripe plastic — regardless of the terminal type. Merchants can still process EMV and magstripe cards on legacy readers. The only real difference is who covers fraudulent losses (if they occur):
- If a customer uses a magnetic stripe credit card on a merchant's EMV chip-enabled terminal, the customer's issuing bank is responsible for any fraudulent losses.
- If a shopper uses an EMV chip card on a merchant's legacy terminal, the merchant must cover any fraudulent losses.
Given the prospect of paying huge penalties out of pocket, these liability rules offer plenty of incentive to upgrade. That incentive will only grow with time as late adopters become easier targets in a world where EMVs are the standard.
With this as the backdrop, how much change has the liability shift brought to the U.S. retail market?
EMV Liability Rules and Payment Upgrades in U.S. Retail
The new liability rules have definitely spurred card issuers and merchants to action. However, EMV adoption is far from universal — even months after the deadline has officially passed.
The consumer side has enjoyed the most success.
According to some estimates, nearly 70 percent of customers have received replacement cards from their issuing banks. Many of the lingering magstripe cards still used will likely expire in the coming months. Reaching 100 percent penetration could theoretically happen within the year.
The merchant side, however, has faced significant resistance. An estimated 75 percent of U.S. retailers haven't upgraded their payment processing for the new EMV standard — despite months of lead time.
One hundred percent penetration is unlikely to happen before 2018.
What These EMV Liability Numbers Mean for You
There is no question that EMVs are more secure than traditional swipe-and-sign credit cards. Though this is only true when both sides of a transaction employ EMV technology.
This means that as a merchant, you can’t prevent credit card fraud simply by moving to the EMV standard. If your customers still rely on legacy plastic, your business remains vulnerable to fraudulent attacks. The good news is that you won’t be held financially responsible for those losses.
Yet if you find yourself in the 75 percent of merchants who haven't switched yet, you become an even easier target for thieves and hackers. Fraud is much more likely to take place. When it does, expect to pay huge penalties for not updating your payment infrastructure.
Upgrading to the EMV standard isn't an expense (as many would have you believe). It's an investment — one that protects you from skyrocketing costs down the road.
To learn how BluePay can help you get the most out of that investment, contact our payment security team today for a free consultation.