Why right now? The liability shift is still months away. Many of your customers don’t have chip cards (in fact, many of them probably have no idea what that even means).
So why now instead of later?
U.S. is 14 years behind the EMV curve
This is not just another new program from the card brands. Europe and most of the rest of the world have been using chip-based technologies to combat fraud for 14+ years. So we in the US are already behind the curve (or, potentially, behind the eight ball, which leads me to the second reason).
Chip Technology Makes it Harder to Use Fraudulent Cards
As most human behaviors, fraud follows the path of least resistance. Two decades ago, card fraud was rampant around the world. But as each country adopted secure measures to prevent and detect fraud, criminal enterprises moved toward easier targets. Because chip technology is now the standard in the rest of the world, the US is left in the unenviable position of being easiest market in which to capture consumer data as well as to use fraudulent/counterfeit cards. Currently, we are the weakest link.
Missing the EMV Liability Shift Bears Significant Costs
The major card brands saw this storm building on the horizon and took steps to stem the tide of potential fraud before it hit our vulnerable shores. (There is still a lot of misunderstanding about what the mandate is and what it means to those affected. The actual mandate required that acquirers and processors be able to support EMV by late 2012/early 2013. And the mandate came from the card brands, not from the US government.) Now that the infrastructure and processing abilities are in place, merchants and banks do not have a “mandate” to adopt EMV. Instead, their motivation comes from the impending shift in liability.
What that means is that, up until now, the card issuer has been responsible for losses due to card fraud. As of October 2015 (for most merchants), liability for losses due to counterfeit fraud in EMV card-present transactions shifts to merchants/acquirers if the merchant has not implemented EMV-enabled point of sale devices. From that point on, the risks you incur by not having EMV systems in place multiply exponentially. Some card brands also include lost/stolen card use in this liability shift.
EMV-ready POS Protects Your Brand
It’s also important to consider that we’re not just talking about financial risk, although that is certainly significant. A financial loss is actually easier to recover from than a blow to your brand’s reputation. When you are forced to inform a customer that his or her private card data has been compromised – and possibly counterfeited – it’s too late. Why risk that black eye and the consequences that go with it? Think of Target’s stunning losses in sales volume and revenues, 17% drop in stock value, public humiliation of its CEO, and negative shift in customer perception. EMV alone would not have prevented the data breach, but it would have made the data less valuable to fraudsters, since counterfeit EMV cards will not work if presented at an EMV-enabled point of sale. That brings up the corresponding case. Even if your system was not breached, by accepting a counterfeit EMV card without having an EMV-enabled point of sale, you could unknowingly accept fraudulent transactions. The cardholder’s statement shows your business name associated with the fraudulent transaction, and the customer realizes that you failed to prevent that criminal usage. If your customers doubt your concern and your integrity, they will take their business elsewhere.
It Takes Time to Learn New Ways to Pay
Finally, the last reason is that your customers and associates need time to learn and adjust to the changes in point of sale processes that using chip-and-PIN cards will require. The new processes – inserting the card instead of swiping it, possibly entering a PIN instead of signing a receipt, even knowing when to insert and remove the card during the transaction –require breaking habits that have been in place for decades. Simply implementing a new system on day one of the liability shift is a recipe for disorder and dissatisfaction. Planning, preparing, training and practicing are key to making the transition easier for everyone involved.
Yes, you could bide your time. Yes, you could wait until the eleventh hour. But the public understands that you’ve been put on notice, and they will notice if you neglect this proven opportunity to protect their card security.
It’s said that he who hesitates is lost. When it comes to implementing EMV, the losses keep mounting. Right now, the estimated average cost per compromised account is nearly $200. You do the math.
Implementing EMV can be complex and time consuming if you have integrated systems, or somewhat simpler if you use a preprogrammed stand-alone device. Either way, it’s not too early to start your implementation. When it comes to putting secure POS systems in place, there really is no time like the present.
Allen Friedman serves as Director of Payment Solutions at Ingenico Group, North America.