Take a look in your wallet and find your credit card. Chances are that you are one of the millions of Americans that received a “new” EMV-chip-enabled credit card.1 EMV, which stands for “Europay, MasterCard, and Visa” after the original three developers of the technology, is not a new feature, however.2 European consumers and retailers have used this microchip payment system for years in lieu of the magnetic-stripe swipe to which Americans have become accustomed.3 So why have US payment networks and banks made the transition to cards with the EMV microchip? The answer begins with the fact that EMV-chip credit cards use a unique code for each transaction, making them harder to defraud in many instances compared to the magnetic stripe.4 This inevitably led to the recent credit card fraud liability shift that took place on October 1, 2015.5
In the past, card issuers were generally responsible for covering card-present fraudulent transactions, which has been estimated to exceed $10 billion annually in the US alone.6 In other words, US payment networks were previously held financially responsible to pay for all fraudulent transactions that involved a scammer using a “fake credit card” created from a victim’s real credit card data obtained via the magnetic stripe.7 After October 1, 2015, if a scammer obtains a victim’s credit card data from a card that has an EMV-chip, and then proceeds to use the magnetic stripe at a business that is not equipped to read and process an EMV-chip, that business is on the hook for paying the full cost of the transaction.8
It is important to pause and note that EMV-chip cards and the shift in fraud liability are undeniably a large step forward in curbing one aspect of credit card fraud.9 However, there remain many security problems and backdoors for scammers to exploit.10 For instance, online credit purchases and mobile payments, also known as “card-not-present transactions,” are still extremely vulnerable to fraud.11 Retailers predict that using EMV-cards may not significantly cut down on credit fraud, as scammers will move in droves to fraudulent online transactions.12
Completely moving the US over to the EMV-card system is expected to be a slow process, but the fraud liability shift has had the immediate effect of putting businesses under the gun of compliance.13 It is estimated that EMV compliance in the US will cost businesses over $8.65 billion to update or replace point of sale devices, ATM machines, and credit and debit cards.14 This necessitates a decision for business owners to either pony up the money for EMV compliant devices or risk the liability of fraudulent transactions.15
Will Retailers be Ready for EMV by Oct 2015?, Payments Leader (Oct. 16, 2013), http://www.paymentsleader.com/will-retailers-be-ready-for-emv-by-oct-2015/. ↩
Rachel Abrams, Chip Cards Will Require Users to Dip Rather Than Swipe, NY Times (Sept. 28, 2015), http://www.nytimes.com/2015/09/29/business/chip-cards-will-require-users-to-dip-rather-than-swipe.html?ref=dealbook&_r=0. ↩
Id. ↩
Kathryn Vasel, Got a New Credit Card in the Mail? Here’s Why, CNN Money (Sept. 26, 2015), http://money.cnn.com/2015/09/25/pf/emv-chip-credit-cards/index.html. ↩
Id. ↩
Will Retailers be Ready for EMV by Oct 2015?, supra note 1. ↩
Abrams, supra note 2. ↩
Understanding the 2015 U.S. Fraud Liability Shifts, EMV Migration Forum (May 2015), http://www.emv-connection.com/downloads/2015/05/EMF-Liability-Shift-Document-FINAL5-052715.pdf . ↩
Abrams, supra note 2. ↩
Id. ↩
Id. ↩
Id. ↩
Vasel, supra note 4. ↩
Will Retailers be Ready for EMV by Oct 2015?, supra note 1. ↩
Vasel, supra note 4. ↩