The Credit EMV liability shift is now well behind us all and it’s been smooth sailing for everyone, hasn’t it? A recent report from the Strawhecker Group shows only 37% of merchants are reporting EMV compliance.
MasterCard is also reporting a reduction of EMV ready merchants in overall counterfeit card fraud with a decrease of 27% in terms of their overall U.S. dollar volume from January, 2015 to January, 2016. It isn’t clear whether that fraud really went away or simply shifted from issuers to merchants.
Non-EMV fraud risk will climb
As the numbers start to flip and non-EMV terminals are in the minority it’s believed those merchants will see escalating fraud attempts as the opportunities dwindle.
While the industry knew EMV compliance was going to be a monumental effort, many merchants did not fully understand the impact to the bottom line. The buzz was about security and liability but did merchants really understand what that meant? EMV is secure because the card is capable of much more using the chip to store applications and capabilities to be updated when inserted into a terminal. Once a card is breached the EMV system can stop the use of the card and merchants who are EMV ready, are protected from liability for transaction before the breach is caught. For those that aren’t ready, the impact of delaying can bring pain to many CFO’s eyes.
Why implement EMV sooner rather than later
Many merchants will look at their chargeback history and see that they are paying much less for chargeback management than implementing an EMV solution. Before EMV a merchant simply produced the invoice with a signature and were able to fight chargebacks and occasionally win. Sometimes though, the merchants weren't aware they had taken a fraudulent card at all. The liability that was shifted previously went against the card issuers and absorbed without the merchant being aware.
In an EMV world this isn’t the case, if the card number is linked to an EMV card and used in a non-EMV swipe device there’s very little a merchant can do to fight it. Signatures or not, the transaction wasn’t EMV and the ruling is final.
When the merchant realizes they’ve been targeted they are often now looking at losses for the chargebacks and the costs of EMV implementation.
Once a fraudster has found you, they and their associates will return over and over until you are compliant. It takes an average of 45 days for a chargeback to hit the merchant and in that time the losses can really add up. When the merchant realizes they’ve been targeted they are often now looking at losses for the chargebacks and the costs of EMV implementation.
In some cases, we’ve seen hundreds of thousands of dollars in chargebacks against a small chain of stores. Taking the loss and then converting to EMV can be costlier than the merchant can handle.
If you’re still on the fence you may want to think about updating your procedures at checkout to try and catch fraud before you transact. Heartland Payment Systems has some tips that help you spot fraudulent cards here.