The impending shift to EMV technology is just around the corner. In this post, we hope to explain what EMV and the liability shift is, and what Imonggo is doing to prepare for it.
What is EMV Technology?
The increasing number of fraudulent practices recorded in the United States for the past years is an alarming consequence of the convenience of paying with a credit card.
A credit card is a plastic square with a magnetic stripe that has the cardholder’s information. The magnetic stripe is not that secure; swiping the card using a magnetic stripe reader onto a notepad window reveals the information embedded on the stripe, and this information can then be copied, or cloned, to a duplicate card.
The EMV cards are differentbecause they feature a chip in addition to the magnetic stripe. The data in the chip is difficult to crack. During the transaction, the chip generates a code using your credit card information. It is this code that is transmitted through the network and not your sensitive credit card information.
Eric Dunn, the senior vice president of payments and commerce solutions at Intuit, recognizes the need to shift from magnetic stripe to EMV technology. “It’s quite difficult to clone the chip. It’s not that hard, unfortunately, to clone a magnetic stripe card, so this means bad guys who try to earn a nefarious living by skimming magnetic card numbers and recreating magnetic stripe cards can’t do that when the world migrates to EMV chip cards,” he said.
To process an EMV-enabled card, the merchant must have a certified credit card terminal that reads the credit card chip and a subscription to a payment gateway that transmits transactions. The terminal can be integrated with the POS, but it is not necessary in some cases.
If the store does not have a terminal that can process EMV cards, the cashier can still proceed by using a magnetic stripe reader, but this is more open to liability.
What is the liability shift?
Previously, the liability of credit card fraud rests on the card issuer. When a cloned card is used and the original cardholder disputes the charge, the card issuer has to absorb the chargeback.
The new EMV technology brings a liability shift, where the card issuer can be absolved from the chargeback. When card fraud occurs, the party with the lesser technology takes responsibility.
When a fraud is reported, three scenarios can happen:
- If a customer pays with a credit card that does not have a chip, then the bank that issued the credit card is liable.
- If a customerhas the chip and the store has the ability to read the chip but the customer still chooses to swipe, then the liability is with the customer.
- If the merchant cannot read the chip and uses the magnetic stripe, then the merchant is liable.
The deadline for this liability shift is on October 1, 2015.
What Imonggo is Doing
When we learned of the liability shift last year, we started to research on how we can support EMV technology. Our original processor, Authorize.net, has yet to announce that they will support EMV, so we had to find online payment gateways that can be EMV-ready, and we narrowed the list to a few processors.
Our main obstacle is that the gateway and the terminal should be certified to handle EMV transactions. While we can finish the development of the EMV payment processing integration before the October 1 deadline, the processors we have been talking with have told us that the certification may not make it in time.
While we can finish the development of the EMV payment processing integration before the October 1 deadline, the processors we have been talking with have told us that the certification may not make it in time.
Mercury Pay, in particular, has mentioned that they expect the certification to be released as late as January 2016. In the meantime, Mercury Pay has added security features when processing credit cards the traditional way. This is not an isolated problem. A report from PaymentsSource states that 75% of retailers will miss the October 1 deadline.
This is not the end of the world, however, because there are safeguards and workarounds that can be done to protect your store from liability. We will talk about these in our next blog posts.