EMV Compliance: Laws, Deadlines, & More Explained
If you’ve been in business or started a business in the past decade, chances are you’ve heard about EMV (more commonly known as chip). 2015 marked the national transition and original incentives of EMV, although chips have been used for years in countries like the UK.
Not integrating EMV into your business isn’t a repercussion-free option — you are opening yourself up to significantly more risk and in many cases are completely liable for fraudulent transactions accepted with magstripe instead of EMV, and we’ll cover the details and deadlines of that shortly.
The hope is that by 2020 everyone will be switched over to EMV, and the US markets will finally complete their walk into a more modern payments industry. Nevermind that the UK is already transitioning to contactless payments across the country!
We’re going to explain exactly what EMV compliance is, why it matters to you and your business, and what you need to do to be compliant.
What is EMV compliance?
EMV stands for Europay, Mastercard, and Visa. EMV compliance is a global payment technology standard established by cardmember associations like Mastercard and Visa designed to protect customers from fraud.
The cardmember associations (American Express, Discover, JCB, Mastercard, UnionPay, and Visa) met in 1993 and built chip technology as a defense against the frequent (and substantial) breaches that occurred in the 2010s.
More and more consumers were getting their data stolen when transacting with magstripe technology, and fraudsters were getting increasingly more sophisticated with the size and scope of their operations.
Since magstripe data could be used in multiple transactions, criminals only needed to steal a person’s data once to get a long runway of use before getting caught. Chip technology was specifically designed to fight back against these data breaches.
What is “chip” technology?
EMV chip technology is vastly superior to their magstripe predecessors — assigning individual, anonymized tokens to each transaction via a computer “chip”, rendering any data that could be stolen essentially useless because that transaction data can’t be used again.
Again, magstripe data can be used for transaction after transaction, making it much more valuable to fraudsters. EMV won’t stop people from stealing data, but selling that data and using it will be much more difficult than it used to be!
And so far the results of EMV compliance are fantastic: when you compare September 2018 to September 2015, chip-enabled merchants saw an 80 percent drop in counterfeit fraud compared to a year earlier, according to Visa.
What is the "compliance" portion of EMV?
Compliance just means having your tech up to date.
For merchants, EMV compliance means upgrading existing hardware to support chip technology. This change needs to be universal across your business — anytime transaction not accepted with EMV isn’t compliant.
While you can still accept transactions without EMV, you are opening yourself up to a ton of liability and are subject to the rules that apply to non-EMV transactions. Keep in mind that this only applies to transactions where a physical card is used. Online transactions still play by the old rules.
And it’s not just liability you should be worrying about. Customers don’t like companies that are risky to transact with. It’s a bad customer experience, and when fraud happens consumers often lose trust in the business they were transacting with.
About the credit card chip law
If you’ve been doing a bit of research or have received a notice, you’ve probably heard about the credit card chip reader law.
The first thing to note is that this isn’t actually a “law” in the traditional sense. This is more of an industry-specific regulation as dictated by the card member associations.
The EMV compliance “law” states that all merchants need to upgrade their POS systems to support EMV chip cards.
If you don’t, you’ll be liable for transactions accepted with methods like magstripe. This liability shift has wide repercussions and makes fighting back against chargebacks essentially impossible. So if your business swipes when it should be dipping, the issuing banks are going to leave you out to dry.
The original deadline for this liability shift was October 1, 2015, meaning if you aren’t currently supporting EMV, you are already at a much higher risk (excluding gas stations, which have until October 2020 due to the overwhelming amount of regulations they have to comply with).
Even though it’s been years since the deadline, some businesses are still hesitating to switch. This is a mistake. With new tech and hardware making the switch easier and cheaper, upgrading to be EMV compliant is always the right choice. The time for debate is over — you will most certainly lose money down the line (if you’re not already doing so).
Why are we so sure?
Because if a transaction you accepted with something other than EMV turns out to be fraudulent, you will be held responsible for the damages with no exceptions.
And consulting firm Deloitte found that 90% of the impacts of a data breach on a business are hidden and don’t fully surface until two or more years afterward.
In other words, you could already be racking up breach fines and liability that you won’t be aware of for months — maybe even years. The smartest thing you can do for your business immediately is begin switching to EMV.
Credit card chip law deadline
Merchants fall into two major camps when it comes to the credit card chip law deadline: merchants who can be considered gas stations and everyone else.
For almost all merchants, the deadline has already passed. It was October 1, 2015. Since gas stations have to deal with a myriad of regulations and hop over a lot of bureaucratic puddles, they have until October 1, 2020.
Getting gas stations to get on board has been pretty tricky for Visa in part because gas stations only make up around 1% of all payment fraud, and many gas stations don’t think the upgrade is worth it.
There isn’t a lot of movement right now based on the pushback of the deadline and the relatively low level of fraud occurring at the pump. There’s a wait-and-see mentality.
Says Marci Gagnon, vice president of business development and operations at AVATAS Payment Solutions, a unit of Cayan that focuses on the energy and service industries.
No doubt that October of 2020 will definitely be a sticky time in the payments industry.
If you’re just starting a business and are reading this to make sure you know what payment processing equipment to get for your business, just make sure everything you get (including your POS) is already set up for chip.
Your exact steps to EMV compliance
Becoming EMV compliant is easier than ever. All you need to do is:
- Have EMV abilities at all card-accepting terminals.
- A POS system that supports EMV.
- And/or mobile readers that also accept chip cards.
One of the biggest advantages of switching to EMV is the ability to fight back against chargebacks and not have to suffer both the losses of the services rendered but also pay the customer loss.
Switching to EMV will be the biggest help if you haven’t done so, but there are also a lot of strategies you can incorporate into your business to help.
What you can do to fight back against chargebacks:
- Upgrade to EMV immediately.
- Keep track of all your receipts and purchase orders.
- Have online systems like AVS, card verification, and Visa's latest 3DSecure system to prevent fraud.
- Shipping tracking numbers
- Delivery confirmations.
- Customer data and previous order data.
Upgrading to EMV is easier than ever
You may have been avoiding upgrading to EMV because of all of the associated hardware and software costs, but we’re proud to say that the cost of switching has never been cheaper.
And regardless, whatever you spend on switching you will save in the long run due to your newfound ability to fight chargebacks and avoid more fraud liability for physical transactions.
No matter your size or transaction volume, we offer unique EMV upgrades that fit directly into your system. Our team of EMV and POS experts have over half a century’s worth of payment processing experience, and we can facilitate a successful transition with the minimal amount of downtime necessary.