And will you be ready for it?
October 2015 will likely mark the beginning of the end for “swipe and sign” credit and debit card transactions in the United States. Businesses that have not upgraded their systems to accept card payments according to Europay, MasterCard, and Visa (EMV) standards at this point will find themselves liable for losses caused by fraudulent payments. The question remains, though, whether retailers—including those in the restaurant, food and beverage, and hotel industries—will manage to upgrade their systems in time.
Currently, most credit and debit card transactions in the United States are conducted via “swipe and sign,” in which consumers swipe the magnetic strip (“magstripe”) on the back of a card through a payment terminal and then sign the corresponding transaction receipt to authorize payment. Come October, though, all major credit card companies will require the adoption of EMV standards for the U.S. market. These standards require that payment terminals read the micro computer chip (chip card) embedded on credit and debit cards instead of their magnetic strips to recognize transactions.
The U.S. has been very slow and reticent to adopt chip card technology, despite the fact that EMV is the global technological security standard. When fully implemented, EMV standards require chip and PIN (personal identification number) usage. The chip, which appears in the card itself, enables merchants to process transactions with a higher degree of encryption security than the traditional magstripe. The PIN, which is a number selected by the consumer, is considered to be more difficult to obtain than a signature is to forge. Merchants must have updated their terminals to be able to accept EMV technology in order to accept payments through chip—or chip and pin—transactions.
To date, U.S. consumers have not been making purchases using chip cards mainly because U.S. merchants and banks have not been employing EMV-enabled terminals to accept payments and process transactions. The U.S. accounts for approximately one quarter of all card transactions in the world. Startlingly, U.S. banks and merchants are subject to approximately one half of the world’s credit and debit card-related frauds. Further, it has been estimated that the annual loss related to these frauds is between $9 and $10 billion in the U.S. alone, with losses expected to increase in the coming years should banks, merchants, and consumers fail to comply with EMV standards. The rising cost of fraud coincides with the ubiquitous rise in mobile payments. Forrester Research has estimated that mobile payments will reach $142 billion annually by 2019.
Merchants and retailers are advised to quickly contact their processing and point of sale vendors to inquire about updating their processors. Many payment processing and point-of-sale vendors are making it relatively inexpensive for merchants to upgrade their terminals if they act soon. Square, for instance, created an upgraded, EMV-ready card reader that costs less than $30.
For now, Visa, MasterCard, and American Express are issuing new cards with both the chip and the magstripe, but that will end soon. In fact, many countries are now considering banning traditional magnetic stripe cards altogether.
Alarmingly, after October 1, 2015, those merchants and retailers that have not upgraded their terminals to accept “chip” payments will be primarily responsible for any losses incurred from magstripe transactions if the customer presented a chip card, but the merchant’s terminal was only capable of accepting magstripe transactions. The banks have taken great steps to upgrade their systems, including issuing new chip cards to customers. Hence, while traditionally the bank may have assumed the liability and losses from a fraudulent transaction, the banks and credit card companies have recently taken the position that since they have done their part to implement measures to prevent card-related fraud, merchants, retailers, restaurants, hotels, and other businesses must meet them halfway or suffer the consequences.
MasterCard defines the liability shift this way: "The party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions. Understand that by issuer, the card companies do not mean themselves; the term refers instead to banks, credit unions, and any other financial institution issuing credit or debit cards." Restaurateurs, hoteliers, and other merchants must adapt to the new technology and convert to the “chip” payment system, or be exposed to potential liability. A small investment in new payment terminals today could result in large litigation savings down the road.
The opinions of contributors are their own. Publication of their writing does not imply endorsement by FSR magazine or Journalistic Inc.