Understanding the EMV Fraud Liability Shift
Why it May be Time to Switch to the Chip
By David Hogan Executive Director of Major Accounts, Heartland Payment Systems | February 26, 2017
Even though it's been almost 18 months since the U.S. migrated to EMV smart-chip based payment technology, many businesses - for various reasons - are still hesitant to get on board. Many hotel property management system products don't support EMV acceptance, even though almost 80 percent of credit cards are now issued with smart chips. In fact, credit card issuers prioritized which cards were issued with chips first, which included high-limit international or travel cards - the types of cards being used often in hotels. Without the ability to accept EMV transactions, business owners - including hoteliers like you - are seeing liability shift chargebacks for which there is no defense.
EMV Liability Shift Explained
EMV, which stands for Europay, MasterCard and Visa, is now the global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. For most consumers, it's the difference between swiping a magnetic strip card and "dipping" a chip-enabled card. Migrating to EMV technology improves payment security for consumers and protects merchants from counterfeit fraud, which seems to have become much too commonplace in the past decade (think: large data breaches).
With the push by the card brands to have merchants update their payment's eco-system to EMV, came the "liability shift." As of Oct. 1, 2015, U.S. credit card companies (MasterCard, Visa, Discover and American Express) shifted card-present fraud liability to whichever party is the least EMV-compliant in a fraudulent transaction, most often the merchant. One important thing to note - the liability shift only applies to card-present fraud. It does not affect online sales, only face-to-face card-present sales.
Although some business owners feel inundated with news about the liability shift, it's possible you haven't heard of it at all. In a survey released last fall by Wells Fargo and Gallup, a majority of small business owners were unaware of it. If you're part of that majority, the main takeaway is this: As long as your business has the ability to process an EMV-enabled chip card, you will never be liable for counterfeit transactions, regardless of the card type. The next step is deciding whether upgrading to EMV is worth the cost and effort.
Most hoteliers already realize that updating to EMV technology isn't always cheap or simple. Not only is there a cost, time and training associated with updating the physical equipment, there are also other processes involved. As of October 2016, Visa reported that about 37 percent of merchants are EMV-ready. This slow merchant migration is at least in part due to a delay in EMV terminal certifications. In some instances, hotels may have the right equipment in place, but their property management systems and related point of sale have not been certified by the card brand, which means the merchant cannot configure the reader to process chip-card transactions. Unfortunately, this sends a complicated message to the consumer, whether there's a note on the chip reader saying they must still swipe their card or the place to dip the EMV card is taped off. Each card network (Visa, MasterCard, American Express and Discover) must test and certify a merchant's EMV upgrades, and the merchant must wait until all card networks have approved before they can use the EMV terminal. Basically, according to the liability shift terms, if the merchant has the equipment in place, but has to wait for certification before using it, the merchant is still responsible for fraudulent chargebacks until the terminals are certified.