New Credit Card Technology Will Affect Merchant Liability
EMV is a chip based technology that validates the authenticity of a physical card for card present transactions, which helps prevent counterfeit fraud by unauthorized users and re-use of compromised card data. The exact details are a bit technical, but EMV uses highly advanced encryption technology and additional data elements to create a trust chain that helps ensure that the card presented to a terminal can be quickly verified as genuine and that transaction data from the merchant to the issuing bank has been not been altered.
The card associations have set an October 2015 mandate where liability will shift for certain types of fraudulent transactions away from the entity that has the most secure form of EMV technology. The mandate excludes automated fuel dispensers, which have until October 2017 to comply. What this means for merchants is that if you don’t employ the EMV technology, you are more likely to be liable for certain fraud chargebacks.
The overall impact of EMV stretches across the industry, as there are changes to hardware and new data elements are now being passed from the merchant to the payment processors and card brands. The processing specifications are currently updated, but there is still much to do in terms of integration and certification. To ensure readiness, many merchants have been installing new payment hardware that is equipped with an EMV card reader. The overall goal being to update the software once the certification is complete and EMV cards become more prevalent in the US.
While EMV has been shown to significantly reduce counterfeit fraud by creating physical checks that help online gambling link a card to an authorized cardholder, it must be noted that once the card data enters the payment environment the data is similar to typical mag-stripe data. Thus a merchant should have a multi-faceted approached to security where EMV is combined with industry standard point-to-point encryption (P2PE) and tokenization methods to protect against data breaches with merchants, vendors, processors, acquirers and issuers all playing a role in preventing data breaches, and rendering card data useless when inappropriately used.
Author: Ed Mastrangelo, AVATAS Payment Solutions. For more information, please contact Danielle Jenkins, AVATAS Payment Solutions.
This article originally appeared in the CEMA E-Newsletter in August 2014 and can be viewed here.