What Is the EMV Liability Shift?

emv chip card and reader

Major U.S. financial institutions, such as banks and credit union, have been issuing EMV chip cards to their customers since 2014. EMV cards are also referred to as chip cards or smartcards because they are manufactured with an embedded microchip (that functions like a mini-computer) that offers stronger security features and other capabilities traditional magnetic stripe cards don’t have.

The move from the traditional cards with the magnetic stripe on the back to the new ones with an embedded computer chip is aimed at reducing fraud with counterfeit cards. Global losses have risen steadily despite the best efforts of global law enforcement agencies, increasing pressure to find a global solution.

The chip stores information securely and performs cryptographic processing that keeps the data safe from fraudsters and identity thieves. Mag stripe cards have been the standard in the U.S. for over 50 years but in early 2015 U.S. government agencies began shifting to chip-and-PIN cards under presidential executive order. The major card companies also changed the rules regarding liability for counterfeit card-present transactions to encourage the U.S. adoption of EMV technology.

The EMV Liability Shift took place in October 2015 with the exception of gasoline dispensers who have until October of 2017 to upgrade to EMV card readers to remain compliant. Prior to October 2015 the card-issuing banks assumed any liability if fraud originated from a counterfeit, lost or stolen credit card.

Since the shift of October 2015 if a fraudulent purchase is made using a counterfeit card in your business, you may assume responsibility for the fraudulent cost if you have not upgraded to an EMV enabled terminal. However, this industry-mandated EMV liability shift impacts all in the payment processing chain — the issuing bank, the acquiring bank, the payment processor, and the merchant. MasterCard defines the liability shift this way: The party, either the issuer or merchant, who does not support EMV, assumes liability for counterfeit card transactions. The term issuer refers to banks, credit unions, and any other financial institution issuing credit or debit cards.

Merchants aren’t officially required to install the technology to accept the new cards, but they risk incurring more costs if they don’t. According to Rippleshot, a fraud-analytics firm in Chicago, restaurants, grocery stores and liquor stores are among the most popular places where cardholder data are stolen. Small and midsize merchants may be particularly vulnerable because they have been slower to adopt the new technology.