Client Alert - Merchants Face an October 1, 2015 Shift in Liability for Payment Card Fraud
As of October 1, 2015, all merchants in the United States, including restaurants, hotels, and retailers, will be liable for losses and expenses resulting from credit and debit card fraud if they have not upgraded their payment systems to accept the so-called “smart card” or “chip card” technology.
Consumers for some time have been issued new payment cards embedded with computer chips in addition to the magnetic stripes. These cards embody EMV technology (standing for Europay, Mastercard and Visa) designed primarily to increase security against fraud from counterfeit, lost or stolen cards.
EMV involves a two-factor authentication: First, the credit card is authenticated by the microprocessor chip when the card is inserted into a new point of sale (POS) payment terminal (instead of swiping the card’s magnetic stripe) or when the card is near a payment terminal that can read the chip. Second, the cardholder’s identity is validated by either a PIN or a signature.
Although the EMV system is already being used in an estimated 70% of the payment terminals outside the United States, U.S. retailers have been slow to incur the upgrade costs. This is about to change.
Starting October 1, 2015, American Express, Discover, Visa, MasterCard and other payment networks will shift liability in the United States for losses and expenses caused by payment card fraud. This liability will now generally fall on merchants who are not EMV-compliant rather than on the card issuers. This change could result in substantial chargebacks to merchants for large ticket transactions.
No one is being forced to adopt the EMV technology, and cards will still be issued with magnetic stripes for use in older terminals used by merchants who choose to ignore the liability shift. But the change presents an upgrade opportunity to modernize operations that can improve customer confidence and improve productivity, for example, by adopting mobile payment terminals. These possible benefits are in addition to avoiding liability for fraud and related operating expenses, and in some cases avoiding the annual validation requirement of the Payment Card Industry Security Standards Council (PCI SSC).
We recommend that you contact your POS provider to find out what new hardware, software, installation, training, timing and out-of-pocket costs are involved in becoming EMV-compliant. Once you upgrade, you will also have to contact your payment processor to request EMV-compliance certification.
For further information, contact William M. Borchard of our Trademark Practice Group.
Click here for a printable version.