Payment Card Industry is Shifting Liability to Merchants
Businesses large and small that accept credit cards in the United States are facing a harsh reality when it comes to fraud liability. In October 2015, most all major credit card companies will shift liability for data breaches and fraudulent purchasing onto businesses that have failed to adopt upgraded card security technology. What does that mean to businesses and their consumers?
For some time, there has been technology considered more secure than the old magnetic stripe on credit cards. Though used in other countries for several years, U.S. merchants have been slow to adopt the better EMV global standard. The technology places a “chip” right on the card for use with verification software.
What is EVM? It’s an acronym for Europay, MasterCard and Visa. Members of this standard-setting group also include American Express, Discover, Japan Credit Bureau (JCB) and China Union Pay. Their objectives include making the secure use of credit and debit cards seamless around the globe.
If credit card companies were expected to absorb the cost of fraudulent data breaches just because retailers refused to adopt better security technology, it wouldn’t be long before the card issuers were unfairly or, possibly impaired. In a world that relies on “plastic” to buy a cup of coffee or pay a college tuition, an impaired credit company could spell disaster for consumers. That’s another reason why credit card companies are looking for universal technology upgrades.
The card companies have taken the only step that seems reasonable, which is to shift the liability for data breaches back on retailers who do not adopt sensible and available security technology. Should a data breach occur, the consequences for non-compliant businesses who choose to forgo the liability protection of the card issuers could mean the end of their enterprises.
Each credit card company has different milestones in implementing their expectations for conversion to EMV, but the date most commonly agreed upon is October 2015. Some card issuers are staggering their roll out to exempt fuel dispensers (gas stations) until 2016 or 2017.
There are incentives to make the switch. According to Smart Card Alliance, if a merchant has at least 95 percent of all its transactions originate with EMV-enabled cards, MasterCard, for example, will extend 100 percent liability coverage.
Retailers have been scrambling for coverage and/or increased limits of coverage given the potential for exposure. Given that data breaches seem to appear every day in the headlines, getting cyber coverage seems all the more prudent. From the perspective of the insurance industry, the shift of liability changes pricing, underwriting and availability for this rapidly emerging liability product.
As case law, insurance policies and security technology respond to this evolving world of global business transactions, thieves are staying a step ahead. It is unlikely that any technology will remain bullet-proof which means retailers and security specialists will have to continually invest in upgrades as a cost of doing business – a cost ultimately borne by consumers.
For risk averse retailers. taking a wait-and-see posture is not really an option. Making the move now to the EMV global standard is the responsible move.