by Julie Smith -- February 26, 2015
This post is the first in a series that explores the changing landscape of retail payments. Here we outline the basics of EMV. In future posts we will consider the challenges and opportunities EMV conversion poses to retailers.
For those of you fortunate enough to hang around the payment water coolers out there, you may have heard some interesting new terminology: “EMV” (Euro Mastercard Visa); “Chip and Pin”; “Chip and Signature”; “Chip and Choice”; and “Chip and None”. If any of these terms are new to you, don’t worry: The Point B retail blog is here to bring you up to speed on the complicated and impending changes ahead.
All these terms are associated with a fundamental change in how credit cards will be accepted and processed in the United States starting October 15th, 2015. On that date, credit card brands, issuers, acquirers, sub-processors, merchants and credit card users will all begin to make the long-awaited transition from magnetic stripe credit cards to those that utilize embedded chips.
Chip and pin payment cards are being introduced in an effort to reduce losses due to credit card theft and counterfeit cards. Studies show that while the United States generates 25% of the world’s credit transactions, we account for almost 50% of worldwide credit card fraud losses.
Although EMV is relatively new in the U.S., it has been widely and successfully deployed in most other areas of the world, with over two billion active EMV chips in circulation and more than thirty-five million EMV acceptance terminals presently in use. According to EMVco, the public entity responsible for defining new global standards in this area, chip cards have dramatically reduced losses for in-store purchases (card present transactions).
Chipped credit cards provide for greater security and fraud prevention than their magnetic stripe counterparts. Today, the most common form of credit cards in the U.S. is the “magnetic stripe”, which holds static, unencrypted data about the card holder and account. This type of card has no inherent security beyond the standard in-store authentication process confirming that the customer is the authorized cardholder.
By contrast, an EMV credit card has a secure chip that incorporates the payment application, performs cryptographic processing, and contains cardholder and account information. These features provide better security for sensitive information and are proven to reduce fraud.
What’s happening and when?
Under the present system, credit card providers bear responsibility for the liability, or financial risk, of theft and fraud. However, effective October 15, 2015, this same risk and responsibility will shift to those merchants who do not accept EMV transactions. In the event a merchant supports EMV, but the issuer, acquirer or sub-processor does not, the financial liability for fraudulent transactions will instead rest with the weak link.
As a result, while banks today are on the hook for the financial fallout from fraud, this shift will mean that retailers and others that take credit card payments may be responsible for some or all of the fraud if they are not able to support EMV.
There will be no changes in liability for transactions in which the customer presents a legacy magnetic stripe card, or for “card not present” transactions such as ecommerce and telephone transactions.
Finally, major exceptions have been put in place for fuel dispensers and ATMs due to the cost and complexity associated with upgrading those infrastructures.
How does it work in the store?
There are two possible ways to use EMV chips.
1) “Contact”: In this situation, the card must be inserted or “dipped” into the payment terminal where it remains for the duration of the transaction. This is different than the ”swipe” process that most of us are used to today and will require a re-education of customers and employees.
2) “Contactless”: In contactless devices, the chip is embedded in a device that must be placed within a couple inches of the terminal in order for information to be transferred via Near Field Communications (NFC). Contactless chips can be embedded in credit cards, payment fobs, cell phones or other personal devices.
Here’s where it gets complicated. For each transaction, the credit card issuer can require one of three different ways to complete a transaction. As long as the merchant processes the transaction in the specified way, it avoids liability. Since the issuer can choose which methods are acceptable, these are collectively called “Chip and Choice”:
- Chip and PIN – The customer inserts their card in the reader and enters a PIN to complete authentication. This is considered to be the most secure method.
- Chip and Signature (or “Chip and Sig”) – This method requires a customer to sign for the transaction much as they do today.
- Chip and None – The customer is not required to enter a PIN or sign. This will often happen when the purchase is under $25.
If the merchant allows the consumer to authenticate in a manner that differs from the expressed instructions of the card issuer, the retailer assumes the liability. For example, a retailer may decide it wants to implement a policy of “Chip and None” up to $75. In this case, the retailer would assume the liability for any fraudulent purchases made up to that $75 threshold and conducted with credit cards where the issuer had either a “Chip and Pin” or “Chip and Sig” policy in place.
Who will this impact?
The short answer is everyone.
More specifically, this change will impact all businesses that accept credit cards, whether they are the smallest Square merchant or the country’s largest retailers, mass transit, fast food, fine dining, taxis, health care providers and many, many others. It will also have implications for banks, acquirers and sub-processors, as well as the hundreds of millions of people who conduct credit card transactions each and every day.
What does this really mean for consumers?
The way they pay will be slightly different. They will likely dip or tap their card (or fab) vs. swipe their card. Eventually they will need to have (and remember) pin numbers for credit cards. In practice, all the liability changes shouldn’t affect consumers…though, of course there’s a chance down the road that banks and credit card issuers will try to shift some remaining liability the customer’s way (but that’s not yet on the docket).
Check back soon for more of the EMV story in our next blog post.
Up Next: EMV 201: Considerations for Retailers as they Implement EMV