What Happens If I’m Not EMV Ready By The October Deadline?

Starting October 1, 2015, liability for any fraudulent credit card charges default to the party in the payment process that is the least EMV compliant. Presently, if you process a payment on a fraudulent card, the bank absorbs the cost. But once the deadline passes requiring you to be EMV-compliant, your company assumes the liability for counterfeit and other fraud-related credit card transactions. In other words, if you, as the merchant, have not upgraded your POS terminals to a chip card reader able to interface with a chip-embedded credit card, you’re on the hook if someone makes a purchase at your place of business with a stolen or hacked chip card.

Credit card processing companies and the banking industry are referring to this as a “liability shift”. It’s meant to relieve them of the liabilities and costs that stem from the increase in credit card fraud. Especially in the United States. In Europe, where the combination of chip-embedded credit cards and compatible credit card terminals has been used for a number of years, studies indicate that credit card fraud has dropped. That’s good news for European merchants but not such good news for US merchants. Credit card theft is on the rise in the US because the older magnetic strip method of credit card authorization is easier to hack.

Chip technology has three major benefits over the older, magnetic strip technology.

  • 1. When processing a credit card payment, especially offline, EMV technology offers better security against fraud from counterfeit, lost, and stolen cards.

  • 2. The information stored on a chip is not as vulnerable to theft by criminals looking to steal cardholder information or reproduce counterfeit credit cards.

  • 3. By standardizing technology for processing credit card purchases, it will simplify purchasing in a global economy.

Because chip-embedded credit card technology has worked so well elsewhere, financial institutions have set the October 1st deadline for the transition to EMV technology in the US.

Some Merchants Won’t Be EMV Ready by October.

The major reason they give is because of the cost to upgrade to chip card POS terminals. But before you jump on that bandwagon, take a look at your existing POS terminals. If you replaced any of your terminals in the last five years, you probably replaced them with EMV-compatible terminals. The EMV technology is just not turned on yet. Contact your processor to learn how to get the EMV feature turned on.

The expected lifespan of a POS terminal that gets moderate to heavy use is around five years. Look around your place of business. Is it time to replace a few terminals now? If so, you can direct your customers with chip-embedded credit cards to check-outs equipped with EMV-compatible terminals and ease into total compliance gradually. But you can continue to use your present terminals because EMV cards will still have the magnetic stripe on the back. Just remember that if you use a non-EMV compliant terminal to process a chip card, the liability for fraud falls on you.

And some credit card processing companies are willing to replace your old POS terminal for free during this period of US EMV switchover, so check with a customer representative at your credit card processing company before making any purchasing decisions.

Can You Afford Not To Be EMV-Compliant By The October Deadline?

No, you really can’t. Christmas, the biggest shopping season of the year, comes right on the heels of the October compliance deadline. With increased sales comes an increase in the likelihood that some of your customers will pay for their purchases with a stolen credit card. Is it worth the risk to be on the wrong side of the liability shift that comes with non-compliance?

Besides the issue of “who’s liable?”, being EMV compliant does have some other major benefits. To encourage compliance, Visa announced that merchants who generate 75% or more of their sales from EMV-compatible terminals will no longer have to annually validate their PCI compliance. This fee can come in the form of an annual fee of $100+ per year or it can be charged as a monthly fee of $5.95 up to $19.95 per month.

And merchants who have installed EMV-compliant terminals will also receive relief from PCI audits, fines, and fees in the event of a hacking incident. These fees include forensic costs, card replacement, and other costs that have in the past been charged to the card issuing bank but will now be the responsibility of any merchant who is not EMV compliant. These costs can add up and quickly swamp a small business.

So what’s the moral of this story: Don’t be penny wise and pound foolish! Review your options and weigh all the facts carefully. How many new terminals do you really need? Is that cost outweighed by the benefits being offered to you to be in compliance with EMV standards? And once you have calculated those numbers, consider the bigger picture. Can you afford the liability risk that comes with non-compliance? It’s your choice, but isn’t the choice clear?