A lot has been written about the ongoing transition from magnetic stripe to chip cards, and in spite of best efforts to communicate “just the facts,” a few misunderstandings have surfaced. In our discussion with our customers on payment options, we have heard a few ‘myths’ about EMV requirements and the liability to merchants. We have tried to debunk these EMV myths below.
Myth #1. Anyone who accepts card-present transactions must upgrade to chip technology.
There is no mandate forcing businesses accepting in-person (or card-present) transactions to adopt chip enabled terminals and other technology. However, there is a risk. If you accept a chip card transaction (by swiping the magnetic stripe on the back of a chip card), and the transaction turns out to be fraudulent, you will be liable for all costs and fines associated with the transaction. The October 1st Liability Shift transferred liability from credit card issuers to the party that is least chip enabled in the event of a fraudulent chip card transaction. In most cases this is the retailer with the magnetic stripe reader.
Myth #2. If I didn’t upgrade to a chip card terminal by the October 1st liability shift deadline, I won’t be able to accept card transactions.
Not true. The liability shift deadline did not render all non-chip-enabled terminals inoperable. Your non-chip-enabled terminal still works and you can accept card transactions with it, as long as you are comfortable assuming the added risk.
Myth #3. Transitioning to chip cards doesn’t reduce fraud.
The fact is, EMV has been a tremendous success in preventing fraud around the world. Wherever EMV is implemented comprehensively, fraud is reduced. Regularly published fraud statistics from many national banking and regulatory authorities France, UL and Canada prove the point. EMV reduces counterfeit and lost and stolen fraud in card-present POS applications, and provides strong, dynamic cardholder authentication in card-not present (CNP) scenarios.
Myth #4. EMV is not secure enough.
As a matter of fact, EMV is based on strong cryptography and elaborate key management; a fundamental EMV principle is to digitally sign payment data to ensure transaction integrity. As opposed to magnetic stripe technology, a chip is extremely difficult to copy, spoof or crack. Using an EMV card with a PIN verification makes it even more secure. Although EMV has been heavily scrutinized by criminals and the academics, there have been no reported real-life, in-market breaks of chip card technology.
Myth #5: EMV is already outdated and of no use in a world moving to mobile and contactless payments.
Not true. Ever since the first EMV implementation nearly a decade ago, EMV specifications have been continuously monitored by EMVCo and other chip card stakeholders and updated to meet the changing needs of the payment industry. And, most mobile and contactless payments are based on EMV specifications.
Myth #6: The business case for upgrading to EMV in the U.S. is not positive; the benefits do not outweigh the costs.
False. The cost of fraud in the U.S. continues to rise, not only the direct cost of lost goods and services, but the additional costs associated with protecting against fraud and cleaning up after an incident. For example, in the wake of recent well-known data breaches, millions of cards had to be reissued, and customer service costs for issuers and merchants increased. The costs of issuing new chip cards and payment terminals is much lower than it was five years ago. In a regulated environment, these fraud savings will be passed on to end user merchants over time. So the fact is that is economically positive for both processors and retail businesses to make the switch. |