With a major chip card standard bearing down on U.S. merchants, acquirers, and issuers, small merchants in particular could face tens if not hundreds of millions of dollars in annual fraud losses they are currently protected from, a processor executive argues. Patty Walters, senior vice president for merchant products and security at Cincinnati-based Vantiv Inc., says most small merchants will be left unprepared for an onslaught of counterfeit-card fraud unless independent sales organizations, processors, and other acquirers educate them about the new risk and technologies to fend it off.
Walters is concerned that an October 2015 liability shift set by the major card networks to implement the Europay-MasterCard-Visa (EMV) chip card standard will leave unwary merchants vulnerable to counterfeit fraud for the first time. “Today, counterfeit fraud is not something a merchant ever sees,” she notes, since under current rules such fraud is assumed by the issuer. “It’s a monumental shift.” She cites estimates that losses due to counterfeit cards in the U.S. run into the hundreds of millions of dollars annually and have doubled in the past seven years as other markets, including Canada and Mexico, have moved to EMV.
Under the networks’ EMV plans, merchants that have not installed EMV-capable point-of-sale terminals within the next three years will assume liability for counterfeit-card transactions conducted in their stores. In such cases, criminals use legitimate mag-stripe data to make fake cards that will work in current POS equipment. They then typically use the cards to buy fencible goods or gift cards that can be marketed on online black markets. EMV combats counterfeit-card fraud by authenticating the card with a one-time value generated for each transaction.
While the liability shift will hit large and small merchants alike, Walters says small merchants are more likely to be uninformed and unprepared. “The difference is the small merchant may never hear about it,” she tells Digital Transactions News. Even merchants that become aware of the shift before October 2015 could act too late to get new equipment and software installed on time and find themselves defenseless when the deadline arrives, she says. “The day to start is today,” she warns. “We cannot wait a single day to begin giving our merchants this message.”
Indeed, Walters says it’s up to ISOs and other acquirers that call on small retailers to educate their clients about EMV technology and the new responsibility they will bear for fraud if they don’t install new, EMV-capable equipment. “It’s our post to stand,” she says.
Complicating matters is that the EMV standard refers to technology that emerged in the mid-90s. Though it has been adopted in much of Europe and Asia as well as in Canada and Mexico, in the U.S. payments industry EMV has largely been a matter of talk. This, Walters warns, can lead ISOs into a sense of complacency. “We’ve not done ourselves any favors, talking about this for well over 10 years,” she says. “Our channel partners have heard this story so many times they may be predisposed to believe this will all go away in time as it did in the past, frankly.”
But this time EMV in the U.S. is for real. “It will come to pass,” Walters says. “We will see significant adoption in advance of the October 2015 mandate.”
Walters concedes that acquirers that try to sell small merchants on EMV will face a number of obstacles. Small merchants tend to be price-sensitive, particularly when it comes to new POS equipment. Walters recommends “packages” that can include rental and leasing plans as well as outright purchases. Even if a merchant’s acquirer isn’t yet ready to process EMV transactions, the merchant can have the equipment installed and ready to download software when their the acquirer is prepared to support transactions, says Walters. Acquirers must be able to support EMV transactions by April, under card-network plans. “It’s time to move the payment infrastructure of the small merchant into the 21st century,” Walters says.