The EMV Chargeback Liability Shift is coming up on October 1, 2015, a little under 6 months from now. What’s going to happen is all the major credit card companies – Visa, MasterCard, Discover, and American Express - have said that if EMV capability has not been implemented on your POS terminals, you (the merchant) will be liable for all counterfeit transactions if they are made.
Note that this does not mean you as a merchant MUST be set up to accept chip payments by that point in time. There is no law or statute that will put you out of PCI compliance by not being EMV compliant. In fact, for merchants who only accept payments online or by telephone, this topic is moot. But for those that do, it makes sense to start early to put your plan in place to accept EMV cards.
Sorry, But It’s Not Always Exactly Clear when Liability Shifts!
How to Be EMV Compliant
Given that EMV compliance is fairly complex, here are some quick tips to make sure you stay compliant with this liability shift:
- Start months ahead of time – like now
- You can bet EMV will change in the future – buy devices and systems that you can scale over time
- Communicate with everyone involved in the change process so they understand, which makes the transition easier
- Make a list of suppliers, identify the questions you’ll ask them, and choose the one that best meets your needs
- Create your budget – and set the number high because implementation may take longer than you thought
What Should You as a Merchant Do from a Big-Picture Security Perspective?
Of course, just like you tell your customers, security should be your top priority. EMV works great when the card is present during the transaction. And if you have consumer authentication, that shifts liability to the card brand when fraud does happen. On top of that, you should also have tokenization in place to protect all card data. When you have all those security methods in place, your customers keep their payment information safe.
Even though you don’t have any legal obligation to comply with this shift, it’s still wise to do so. Your company may be able to sustain the new losses because of your increased liability…for a while. But at some point, not upgrading your EMV compliance will cost you more than actually doing the upgrade.
Don’t companies who proactively change always find themselves in better positions later on down the line?