Datacap Logo

The time is now to prepare for the EMV liability shift

PCI compliance and similar security standards have evolved a bit more rapidly in the past few years, as regulators and advocates strive to create a more effective line of a rules that will reduce the rate of fraud and identity theft in the US going forward. While there is no argument to be made against these endeavors, they have been somewhat challenging to keep pace with in the eyes of retailers and, perhaps more importantly, small business owners. 

Not only do SMBs need to ensure they are effectively deploying new solutions to accept more novel payment methods so as to engage all potential clientele, they must also work to protect user data and comply to all current regulations. In a few months, a major update to policy will be enacted that involves the requirement of EMV chip-enabled hardware at point of sale systems, as regulators shift fraud liability from the issuing bank to the acquirer/merchant.  

Key considerations
The National Federation of Independent Business published a helpful article back in mid-April regarding the more important matters entrepreneurs need to keep in mind when approaching the new fraud liability standard. As a note, this will be effective Oct. 1, and small business owners who have not yet acquired and deployed the necessary POS systems should certainly investigate whether an update to EMV would be a prudent move.

Merchants should work with their Point of Sale providers to determine their risk level for in-store fraudulent transactions and discuss whether an immediate upgrade is justified. NFIB noted that while companies are not necessarily obligated by law to upgrade to POS systems that can process EMV-chip card payments, the liability shift is a very real and pressing matter that shouldn’t be ignored or brushed aside. 

  The liability associated with in-store fraudulent transactions will be transferred to the merchant after October 1st, 2015.
The liability associated with in-store fraudulent transactions will be transferred to the merchant after October 1st, 2015.

It’s important to understand that EMV is not connected in any way to on-site data-breaches that have so many SMBs concerned today. Even with EMV implemented, card data is still vulnerable after the transaction, creating very real risk for the merchant. Again, SMBs should talk to their POS providers to learn how to protect card data after the transactions through features like end-to-end encryption and tokenization. 

The brass tacks
Visa, one of the main parties involved in this particular change, lists several helpful tips for merchants that are ready to begin the process of implementing support for EMV transactions. Virtually every POS provider will have a go-forward EMV plan in place today. POS providers will work with merchants to make sure that they understand completely what their options are for EMV with their current Point of Sale. At minimum, merchants should find out what hardware options are available from their provider, how an upgrade to EMV will effect their current business practices and what timeframe for implementation they can expect. An open discussion with the POS provider is the first step to making the right decision for your business pertaining to EMV.