EMV and Credit Card Processing Changes

There is a lot of buzz going around concerning the changes in EMV compliance and credit card processing procedures. Beginning in October, the U.S. will adopt the standard used by the rest of the world. This process is designed to clarify who the liable party is when fraudulent credit cards are presented. As a result, the technology required will shift the way credit card readers interact will cards. This transition may seem uncomfortable, so let us try to ease your mind. Here are a few key points on what this new regulation entails with further explanation below.

1. The U.S. implementation only requires compliance by the credit card processor.
2. The regulation DOES NOT require individual merchants to upgrade equipment.
3. It is estimated to take credit card issuers up to 3 years to complete the replacement of all 2.1 billion credit cards in circulation in the U.S.
4. You have time to figure out when is the best time to upgrade.

In an effort to reduce the amount of credit card fraud, the U.S. is adopting the same credit card technology used throughout most of the rest of the world. First introduced in 1995, EMV was named for the three companies that developed the technology; Europay/Mastercard/Visa. Since that time, there have been a total of six credit card networks to share in the ownership. The new system uses a microchip to create a dynamic verification code for each transaction processed on the card.

The magnetic stripe found on the back of most cards contains the credit card number, customer name, address, zip code and a static 4 digit verification (CVV1) code that the point of sale system uses to authenticate the card. There is also a 3 digit code (CVV2) printed on the back of the card that can be used to verify hand entered transactions. The problems involved with this type of system occur when the data on the cards is intercepted or hacked from a stores database (like what happened to Target) and all that information can be recoded or cloned onto another card. After all, it is the same technology as an old cassette tape and it was easy enough to record over those.

With the addition of a microchip, a new verification code is generated for each transaction. This virtually eliminates the possibility of cloning a working card. In addition to the built in safety measures of the chip, there are also customer verification methods (CVM) available. These options include entering a PIN when using the card, requiring a signature or enabling Near Field Communication (NFC) for paying with a fob or smartphone. These options are programmed into the chip based on preferences set by either the card issuer or card holder and can vary based on total transaction amount, location, etc.

The Electronic Transaction Association (ETA) has compiled the following concerning credit card processing. In the U.S., credit card transactions comprise $1.2 trillion and there are a total of $8 billion of fraudulent charges. While that number comprises only 0.67% of total credit card revenue, $8 billion is still a lot of money. In fact, 47% of all credit card fraud occurs in the United States. EMV implementation could eliminate 78% of US fraud cases by eliminating cloned cards.

Since most of the rest of the world is already on the EMV system, the primary reason for delay in the U.S. conversion is due to the infrastructure. The US was a very early adopter of credit card technology and right now there are approximately 8 million merchants using the swipe style card readers. To force that many merchants to switch over involves a significant investment in technology upgrades on the processor side as well as hardware upgrades for businesses.

The new hardware will require the card be inserted into the reader for the duration of the transaction. This is because the microchip doesn’t have a battery and therefore has no method of transmitting data on its own. The gold casing over the microchip is powered through induction by the card reader. This will have the most impact on the restaurant and service industry. When a card requires a PIN or signature for confirmation, a mobile reader will be necessary or the customer will have to accompany the card to the host station.

Starting in October, the credit card processors are required to have the infrastructure in place to accept EMV payments. So, how does this affect liability? After that time, liability will be split between the card issuer and the merchant and will fall to the party responsible for not allowing the EMV transaction to take place. For Example:

• If a merchant has the EMV reader in place, but the customer has not receive a card with the chip from their bank, the liability for a fraudulent transaction is on the issuer.
• If a customer attempts to use an EMV card at a merchant who has not upgraded to the EMV reader, the liability will be on the merchant.

There will likely be an overlap of technologies for quite a while. Many card issuers will wait until the expiration of their current cycle of cards until they upgrade. There are a total of 2.1 billion cards in the market at the moment, and to replace them all is expensive. Cards with just a mag stripe can be produced for about $.10 per card while cards that have the EMV chip in them cost between $1-2 to produce. New cards issued will continue to include magnetic stripes for several years, knowing not every merchant will upgrade equipment right way.

There are also some exceptions to the liability rule. Gas stations have been allowed more time to implement the conversion. Most card readers are built into the pumps and require a complete replacement. ATMs will also have extra time to upgrade for the same reason.

As you consider the options indicative with upgrading, you may come up with more questions. In such cases, American Metro is happy to help you find answers. Use the button below to contact our resident credit card expert or email your question to [email protected].