The Looming EMV Liability Shift
By Wolfgang Manz, President/CEO, PWM Electronic Price Signs
As the EMV — short for Europay, Mastercard, and Visa — liability shift deadline at the fuel dispenser looms, retailers from across the U.S. have been scrambling to make the best decision for their business and customers. Safeguarding payments at the pump can be a complicated and costly task, especially considering there are billions of transactions processed by over 160,000 convenience stores in the U.S. each year.
Meeting the October 1, 2020 deadline for outdoor security seems simple enough — fuel retailers must upgrade their terminals to accept chip-enabled credit- and debit-card software and hardware or risk paying the cost of future data breaches caused by skimmers at the pump. However, the road to U.S. EMV compliance has been bumpy for businesses looking to make the transition.
EMV compliance is not just about upgrading terminals to protect fuel retailers from liability, it is also about protecting customers from people who are trying to steal their information. With convenience stores being the only outlets left with terminals that are not yet EMV compliant, fraudsters have started targeting them more frequently using skimming devices.
Skimming is a form of payment card fraud and theft when thieves obtain unauthorized data to sell the information on the dark web, use the account to make purchases online, and create cloned credit cards that they often use to engage in stealing fuel. Thieves break into vulnerable fuel dispensers using universal keys and specialty tools that can be bought online or at your local hardware store. What is more shocking, skimming devices can be made for just a few dollars, making it a low risk high reward form of crime.
Consumers have become increasingly wary of fuel terminals and are looking for upgraded equipment when making their decision on where to purchase fuel.
Before we dive into how fuel retailers can achieve EMV compliance — let us look at how we got here.
August 2011 – June 2012: American Express, Discover, Mastercard, and Visa announce U.S. EMV migration.
October 2015: Liability shifts for transactions on non-EMV capable POS terminals (in-store).
October 2017: Original date for liability shift for transactions on non-EMV capable forecourt terminals.
October 2020: Revised date for liability shift for transactions on non-EMV compliant forecourt terminals. Fuel retailers that are EMV compliant will not be liable if fraudulent activity occurs at their terminal.
Throughout the entire EMV implementation process, fuel retailers have questioned what it means to be compliant, whether chip technology has been tested before, and potential consequences to their business and customers.
To help debunk some of the myths surrounding the looming EMV liability shift, here are a few misconceptions:
Fuel retailers are required to upgrade to EMV: False. There is no law in existence that mandates business comply with EMV upgrades — in fact, the EMV upgrade is not a result of a fueling technology change, rather it is a change in which processing networks and banks handle fraudulent charges and the ability of older equipment to deter skimming at the pump. Failing to make the EMV upgrade at the pump by October 1, 2020 will result in fraudulent charges becoming the responsibility of the fuel retailer. The question every retailer must ask themselves is — how much capital and potentially negative PR can I afford to expend by not making the EMV upgrade?
Implementing EMV will prevent fuel retailers from accepting magstripe cards: False. Today, most chip cards in use have a magstripe. When a customer attempts to use a chip enabled card at a non-EMV terminal, the transaction will continue to process, albeit in a less secure manner.
EMV is a new technology: False. EMV has been around for decades and was originally built for Europe, not the United States. Unlike the U.S., Europe did not have the telecommunications infrastructure to authorize card transactions in real time during EMV’s inception. As a result, the chip card was developed so the cards could authorize themselves. The body that maintains EMV specifications is known as EMVCo and its members include American Express, Discover, JCB, Mastercard, UnionPay and Visa.
Transactions will be 100% secure after making the switch to EMV: False. EMV technology will not prevent data breaches from occurring, but it will make it much harder for criminals to steal a customer's financial information.
The October 1, 2020 deadline is likely to be extended: False. The payment networks have made it clear that there will not be another extension to the EMV deadline. In December 2019, the Merchant’s Advisory Group’s push for another 2-year extension was rejected by Visa and Mastercard.
One obstacle facing retailers who decide to postpone upgrades is a shortage of installation technicians. The EMV process can take several months depending on a fuel retailers' financial position, location, and configuration. EMV goes beyond installing new equipment and requires coordination with a business's credit card processing provider. When devising an EMV plan it is important to consider the steps necessary to achieve compliance.
The National Association of Convenience Stores (NACS) estimates that fuel retailers will spend approximately $30,000 per store to accommodate chip readers, and that the total cost to the industry could exceed $4 billion.
As the adoption rate increases there will be fewer targets for fraudsters. The question of whether a fuel retailer can afford to overlook EMV is one that should be vetted now. One thing is for sure, as the EMV liability shift looms, it is better for businesses to be prepared and protected against fraudulent transactions so they can continue to provide safety and convenience to the millions of customers who visit convenience stores each day.