Five Months and Counting to EMV: Are You Ready?
The EMV fraud liability shift will take place on October 1 of this year, but many merchants are finding themselves ill prepared.
According to Forrester Research, widespread adoption won’t occur until 2020. While EMV will basically eliminate card-present fraud, experts warn merchants shouldn’t consider chip & signature (and PIN) the only method of fraud prevention, particularly when it comes to card-not-present (CNP) fraud.
Even when EMV is officially rolled out, fraudsters will still be able to copy data and create counterfeit mag-stripe cards that will be accepted at any mag-stripe terminal, as well as use counterfeit or stolen card information in CNP transactions. In fact, as EMV is officially adopted in the US, CNP fraud is expected to more than double by 2018.
Education, prep, and a proactive approach to combating online fraud are key to ensure additional costs are minimized when the liability shift goes into effect.
Lack of Awareness; Need for Education
Currently, merchants are protected from the $3 billion in counterfeit credit card fraud at the point of sale, a number that will grow to $3.6 billion in the US by the end of 2015.
As of October 2015, a portion of this burden will impact merchants who don’t upgrade. This fraud will disproportionately affect small and midsize merchants that sell fungible goods such as gift cards, jewelry and electronics, as well as those who lag in upgrading their terminals.
According to the Aite Group, awareness of the migration to chip among small to mid-size U.S. retailers has increased, with two-thirds of merchants aware of the standard.
There is still a significant awareness gap, with the remaining one-third of merchants unaware.
While all major US merchants have either begun or completed their conversion to chip-capable terminals, one survey shows up to 70 percent of small merchants will not be EMV-ready by the October 1 deadline. This data illustrates a clear and urgent need for aggressive and ongoing education among the small business community.
Given the urgent need for EMV compliance education, many key payments industry players are taking a number of steps to foster awareness.
- The Retail Solutions Providers Association (RSPA), the industry association for the POS technology ecosystem, announced the creation of EMV Central, a new resource page on the RSPA website designed to support their EMV Education and Awareness Campaign.
- Visa is conducting a 20-city tour to educate small businesses about EMV technology and the shift in fraud liability if they don’t upgrade their terminals.
- As an independent trainer and EMV technology company with experience in Europe, the SCIL-EMV Academy is performing EMV training sessions throughout the U.S. The organization has at least two workshops scheduled most months into early December.
- Other training efforts have been organized through the card networks, the EMV Migration Forum or SmartCard Alliance.
While the list of educational resources above is a good start, these are just a few of the options available. Regardless of how you choose to educate yourself, I urge you to do so to ensure you do not end up holding the bag on additional fraud costs when the liability does shift in October 2015.
EMV Compliance Prep
What steps do you need to take to become EMV compliant? EMV enablement has several different components, including payment system upgrades and integration, transaction messaging, testing QA and certification. Here’s a snapshot of each component to become EMV compliant:
- POS device upgrade or integration – there are a ton of options out there with different ranges of quality, support and agility to adapt to future innovation. Here are a few options to consider, based on their implementation ease.
  - Easiest – Standalone/electronic POS device/electronic data capture device. Typically preferred by smaller merchants, it requires minimal merchant effort because it’s solely managed by the acquirer/processor and only offers the options they support.
  - Medium – Semi-integrated POS device. Favored by mid-sized merchants, this allows flexibility in choice of PIN pad manufacturers, acquirer processors, acquirers and third-party vendors. This is more challenging than standalone, but offers options enabled by a fully-integrated environment without all of the added complexity.
  - Most difficult – Fully-integrated POS system. Favored by larger merchants, it’s more complex to implement but maximizes flexibility between the payments software module/middleware and the merchant’s store system’s application.
- Transaction messaging – Merchants will need to accommodate transaction messaging for EMV-based payments. This will require coordination with your acquirer/processor.
- Testing QA – Per Visa requirements, new terminals will need to be tested in the merchant environment to ensure EMV technology functions properly. This means each unique terminal configuration must be tested with cooperation of the merchant’s acquirer and/or acquirer processor during the migration.
- Certification – Based on limited EMV awareness, training is key to preparing for the liability shift. Sales staff, back-office staff and consumers should all be trained on a number of different aspects of EMV, including proper use of new chip cards and chip-related chargeback and dispute resolution processes.
A Comprehensive Approach to Combating Online Fraud
Almost all single-layer authentication methods are imperfect. As EMV approaches and CNP fraud booms, fraudsters are becoming more advanced in their techniques to steal data, making it difficult for merchants to keep up. As merchants evaluate their compliance and capabilities, they should also examine their current fraud prevention tools on both the front and back end.
With fraudsters getting smarter, merchants can’t afford to have a one-dimensional or static fraud strategy. By implementing the proper combination of fraud protection tools and multi-layered authentication systems, merchants can maintain a secure payment processing operation without going overboard and inhibiting legitimate sales. A word of caution, though: these tools should be layered and balanced for the best results. Too much front-end fraud protection means a loss of legitimate sales. Too little means adverse risk and potential profit loss.
Words of Wisdom
The EMV compliance date is imminent. Education, prep and a comprehensive fraud strategy are key to success.
A comprehensive and balanced fraud prevention strategy is critical to protect profits from fraudsters who will infiltrate the CNP channel soon and in the foreseeable future.
The fact is, CNP merchants who fail to dedicate the proper attention to adapting the right tools to their business may find themselves with significant sales or fraud losses, whether they are EMV compliant or not.
About Matthew Katz, CEO, Verifi, Inc.
Matthew Katz is the founder of Verifi, Inc. and currently serves as the Chief Executive Officer. He has been profiled by the NY Times, LA Times, Forbes, and Business Week, among others. He has also served as a speaker, panelist and presenter for various industry events, including CNP Expo.
Verifi, an award-winning provider of end-to-end payment protection and management solutions, was founded in 2005 to help merchants effectively manage the payments challenges they face every day. Verifi helps merchants safely process payments, combat fraud, prevent and resolve costly chargebacks, as well as increase billings and keep loyal customers. Headquartered in Los Angeles, California, the company processes more than $20 billion in transactions annually and currently serves more than 7,000 accounts globally. For more information, visit: www.verifi.com.