By Noah Dermer, Security Officer, InstaMed
Twitter: @InstaMed
Twitter: @NoahDermer
We’ve come a far way since the EMV fraud liability shift went into effect four years ago in October 2015. Since then, swiping cards has almost become a thing of the past. Consumers have come to expect chip-enabled payment cards for making purchases, and merchants have made great strides to accept EMV. But there is still work that needs to be done. Let’s take a look back at the impact of the EMV fraud liability shift and see what the payment industry still has left to do.
What was the liability shift again?
In October 2015, the major processing banks implemented a shift that transferred fraud liability to merchants who accept fraudulent credit cards, unless they use EMV-capable point of sale (POS) devices. As a result, merchants across the U.S. upgraded their devices as consumers received chip-enabled credit and debit cards from their banks.
How is EMV more secure?
Prior to EMV, credit cards digitally stored data in a magnetic strip on the back of a physical card. This meant the data was static: it never changed. That made it very easy for thieves to swipe the info and use it in other places. EMV chips, on the other hand, create a unique token—a code that can never be used again—for each transaction.
What is the benefit of EMV?
One of the major reasons for bringing chip-card technology to the U.S. was to prevent counterfeit fraud. According to Visa, counterfeit fraud dollars have dropped 76 percent from September 2015 for merchants who have completed the chip upgrade. Fraud dollars for all U.S. merchants have declined by 49 percent.
How many merchants are using EMV?
Visa reports that over 3.5 million merchant locations are now accepting chip cards with 75 percent of U.S. storefronts now accepting chip cards. Additionally, the number of active chip cards increased from 159M in September 2015 to 509M as of March 2019. That’s a 219 percent increase since September 2015.
The past few years have been very successful for EMV. Visa reports that 99 percent of overall U.S. payment volume in March 2019 was on EMV cards.
So, why haven’t all merchants adopted EMV?
Merchants have made significant strides to adopt chip technology, but we have not reached full adoption despite the liability shift. The reality is that EMV is more than just a device change, it is a process change.
There are plenty of expensive devices available for purchase that support chip card transactions, but having an EMV-capable device is not enough to actually process EMV transactions. Your merchant processing solution needs to be able to support EMV as well. In order to do so, your vendor needs to become EMV-certified with every processor they work with, every card brand and every device they offer. Not only is the certification process difficult and time-consuming, it can cost tens of thousands of dollars each time a vendor goes through the process. Ultimately, a lot of roadblocks can pop up, usually as a result of handoffs between your gateway, processor and acquirer.
Does InstaMed support EMV?
InstaMed is certified with all major card brands for EMV. By 2020, Mastercard and Visa will require that all U.S. merchants can accept contactless payments. InstaMed is prepared for this mandate and offers multiple options for contactless-enabled devices.
What else can merchants do to stay protected?
To protect payments at the POS, you should work with a full stack payment vendor who can support EMV. Full stack means a single platform that has ownership and accountability of the end-to-end healthcare payments infrastructure, from the point where you capture payment information through the funding, settlement and reconciliation. A full stack vendor eliminates the handoffs between acquirers, gateways and processors because it manages all of these functions on a single platform. This means fewer roadblocks and diversions to deliver payment innovations, like EMV, Apple Pay, Google Pay, and beyond.
Don’t forget to protect your POS payments with multi-layer security. EMV is effective at protecting against card-present fraud, but it won’t protect you from a breach. Make sure your payment devices can also support PCI-validated point-to-point encryption (P2PE) to arm your POS with the strongest payment security.
This article was originally published on InstaMed and is republished here with permission.