The United States’ EMV Liability Shift: Where are we now?
Last October’s transfer of fraud liability from payment card issuers to merchants provided many organizations with significant incentive to incorporate Europay, Mastercard, and Visa (EMV) technology. This shift in liability changed who would bear responsibility of chargeback costs in cases of fraud, which was traditionally the card issuer. Now, the party whose technology is least secure bears the cost. In other words, if the card issuer doesn’t support EMV, and fraud occurs at a payment terminal that does, the card issuer is faulted—and vice versa. As a consequence of the shift in liability, the consumer transaction process has been expected to shift as well.
EMV technology, which has been used for over two decades in global markets, involves a chip meant to replace the magnetic strips typically used in payment cards. These magnetic strips contain data that can be read with inexpensive card readers, whereas EMV chips must be cryptographically validated every time they are used. Additionally, the chips are tamper-responsive, causing them to erase all data within should they detect a tamper attempt.
Since the liability shift, the U.S. has made significant strides toward EMV-readiness. Major banks are issuing EMV cards and larger merchants have upgraded their payment terminals to support EMV transactions—either in preparation for or as a consequence of the liability shifts. Small businesses and banks, however, have been slower to adopt the new standards—in part due to the costs. Nonetheless, progress continues to be made and consumer data is more secure for it.
Futurex is proud to have played its part in securing EMV. Our technology is used across all facets of the EMV transaction process, from handling the portion of the issuance process requiring strong cryptography, to validating transactions at the Point of Sale.
As EMV adoption continues to advance, we look forward to working with merchants and card issuers worldwide to ensure the security, functionality, and scalability of their enterprise data security infrastructure.