Q: What should I do if I don’t have a new chipped credit card by the Oct. 1 deadline?
A: The new EMV standard, which stands for “Europay, MasterCard, Visa,” is an important step to helping improve security for credit- and debit-card transactions, but it’s creating quite a bit of confusion.
The Oct. 1, 2015, deadline actually only affects physical retailers who conduct “card-present” transactions, not card holders.
The only thing that changes on Oct. 1 is that the liability for fraudulent transactions switches to the “least EMV-compliant party.”
In plain English, it means that if an EMV or “chipped” card is presented to a merchant who does not have an EMV terminal, and the transaction turns out to be fraudulent, the liability for the transaction now falls to the merchant.
Current estimates are that only 70 percent of credit cards and 41 percent of debit cards will be EMV-ready by the end of 2015, so it may take a while for you see all of your cards arrive with the chip.
For now, all EMV cards will also have a magnetic stripe, which allows them to be used in the traditional manner — so you don’t have to worry about which technology is being used by the merchant.
The EMV cards will come in two flavors: chip-and-signature and chip-and-PIN.
Initially, credit cards will likely be chip-and-signature and debit cards will be chip-and-PIN, so you’ll end up using them the same way, except you will “dip” the card instead of swiping it before either signing or entering your PIN.
When you have the choice, you should always “dip” (insert your card into the chip reader at the bottom) instead of having your card swiped, because it’s much harder to steal useful information during the process.
All of the big-name retail hacks you’ve heard about recently happened because hackers were able to capture all the information they needed from the magnetic swipes to create duplicate cards.
If EMV card terminals were in place during the hack, the information that the hackers were able to steal would have been pretty useless, because there isn’t any information that allows them to duplicate the card.
The Oct. 1 deadline does not apply to ATMs or automated fuel dispensers at gas stations until 2016 and 2017 respectively, so don’t expect to see EMV terminals in those situations any time soon.
Does my business have to upgrade to EMV terminals?
If you’re a retailer with physical locations, I’d highly recommend you update your processing equipment, but you don’t have to — as long as you are comfortable with assuming the liability from fraudulent transactions.
One of the reasons the U.S. is one of the last countries to convert to the EMV standard is because the cost of conversion was higher than the cost of fraud for so long.
Dramatic increases in credit card fraud and point-of-sale data breaches have driven the industry to finally adapt this proven fraud deterrent like the rest of the world.
This could cause credit card thieves to focus on merchants that don’t adopt the EMV standards, as well as online merchants, as has been seen in other countries after EMV was established.
Editor’s note: Ken Colburn is founder and CEO of Data Doctors Computer Services.
