You go to the store, grab a few things and go to pay with your shiny, new chipped card when suddenly the clerk shouts something like, “Nope, you have to swipe; we don’t accept chips yet.” The merchant clearly has a slot for the chip reader, so why isn’t it working?
At the Better Business Bureau, we’ve been receiving dozens of inquiries about this topic, with many consumers asking what happens if a store is not chip ready and if there is some sort of law being broken when merchants aren’t chip ready.
Well the legality is a little fuzzy, so let’s break it down.
October 2015 was the deadline that the banks decided upon to issue out new cards with a chip embedded into them. The reasoning behind this was to prevent fraudulent use of credit cards where the card is present at a merchant’s terminal.
The government could have stepped in and adopted this new policy, but the banks decided to go ahead with EMV (Europay, MasterCard and Visa — the three companies who developed the technology standard) themselves. If the government had gotten involved, they could have backed it with fines and tax penalties, but instead the processors decided to create a “liability shift” as an incentive.
Before this deadline, any time a consumer’s card was duplicated and used for purchases, the banks would refund that fraudulent purchase. This created the incentive to get the liability off of them and onto the merchants.
October 2015 was the date that the liability would now shift from the banks to the merchants in cases where the bank provided a new EMV card and the store did not upgrade to the new EMV terminal (chip reader). So what is the reasoning behind this?
Well it’s pretty simple.
The banks have now done everything in their power to protect the consumer from any fraudulent activity and the store has now dropped the ball.
But what if the banks did not issue the new EMV credit cards and the store does not have the EMV terminal?
If neither the banks nor the merchants are EMV ready, then the traditional liability rules would apply.
According to US Payments Forum, roughly 45 to 50 percent of all U.S. credit and debit transactions are chip-on-chip transactions. This shows merchants are moving in the right direction and are on par with estimates shared by The Strawhecker Group in April. While this is a great sign, there are still many merchants not using the EMV terminal.
If consumers were to use their EMV chip card with a merchant that does NOT have the EMV terminal and the consumer is forced to swipe their card and there is fraudulent activity on their card, the liability would fall on the merchant. The merchant now would be forced to pay for any damages that occurred, because their store was negligent and didn’t protect their customers.
But what about stores that have the chip reader but can’t use it?
Making the switch over to EMV payments isn’t as simple as just buying a new terminal. Merchants first have to spend a couple hundred dollars on a new terminal, then they have to install a software so the chip transactions can interoperate with their current payment system and, lastly, they have to be certified by the banks and card networks they work with.
It’s a multistep process, and according to J. Craig Shearman from the NRF, getting the certification is creating a holdup.
Getting these EMV terminals certified and running is important, because of the extra layer of security these EMV cards have.
On a magnetic strip, the data is unchanged. Whoever accesses that data gains the sensitive card and cardholder information necessary to make any purchases they want. Whoever copies the magnetic strip can easily replicate that data over and over again, because it will never change — which is where EMV comes into play.
On an EMV card you’ll see a small magnetic square which is a computer chip. Unlike magnetic strips, every time you use your EMV card for payment, the card chip creates a unique transaction code that cannot be used ever again. If a hacker managed to steal chip information from one specific point of sale, they can’t reuse that transaction code and typical card duplication would never work.
While nothing is ever 100 percent foolproof, EMV card chips make it harder for criminals to successfully profit off of what they steal.
According to a 2016 report, Visa saw a 52 percent drop in counterfeit fraud at chip-enabled merchants in September 2016, compared to a year earlier before the EMV cards were implemented. MasterCard, on the other hand, saw a 77 percent INCREASE in counterfeit fraud year-over-year among merchants who had yet to move to EMV terminals.
With the holiday shopping season just around the corner, many merchants not even bothering to implement the new EMV terminals are not only putting their consumers at risk, but they are harming their business’ reputation by refusing to do so as well.
BBB wants to remind consumers to speak up and ask questions. Ask the merchants why they are not EMV ready. Maybe they are trying to be and are held up or maybe they don’t see the risk. Ask them when they expect to be ready by and then decide from there if you want to continue to do the swipe or start doing the dip.
Kayleena Speakman is a communications specialist for the Better Business Bureau Serving Central California & Inland Empire Counties.