Understanding the Oct. 1 chipped credit card deadline
Sep 25, 2015, 7:03 AM
This Wednesday, June 10, 2015 photo shows a chip-based credit card, in Philadelphia. U.S. banks, tired of spending billions a year to pay back fleeced consumers, are in the process of replacing tens of millions of old magnetic strip credit and debit cards with new cards that are equipped with computer chips that store account data more securely. (AP Photo/Matt Rourke)
(AP Photo/Matt Rourke)
Q: What should I do if I don’t have a new chipped credit card by the Oct. 1 deadline?
A: The new EMV standard, which stands for “Europay, MasterCard, Visa,” is an important step to improve security for credit and debit card transactions, but it’s creating quite a bit of confusion.
The Oct. 1 deadline actually only impacts physical retailers that conduct card-present transactions and not card holders.
The only thing that changes on Oct. 1 is the liability for fraudulent transactions switches to the “least EMV-compliant party.”
In plain English, it means, if an EMV or chipped card is presented to a merchant that does not have an EMV terminal and the transaction turns out to be fraudulent, the liability for the transaction now falls to the merchant.
Current estimates are that only 70 percent of credit cards and 41 percent of debit cards will be EMV ready by the end of 2015, so it may take a while for all of your cards to arrive with a chip. For now, all EMV cards will also have a magnetic stripe which allows them to be used in the traditional manner, so you don’t have to worry about which technology is being used by the merchant.
The EMV cards will come in two types: Chip-and-Signature and Chip-and-PIN.
Initially, credit cards will likely be Chip-and-Signature and debit cards will be Chip-and-PIN, so you’ll end up using them the same way, except you will dip the card instead of swiping it before either signing or entering your PIN.
When you have the choice, you should always dip (insert your card into the chip reader at the bottom) instead of having your card swiped because it’s much harder to steal useful information during the process.
All of the big name retail hacks you heard about in the recent past occurred because hackers were able to capture all the information they needed from the magnetic swipes to create duplicate cards. If EMV card terminals were in place during the hack, the information that the hackers were able to steal would have been pretty useless, because there isn’t any information that allows them to duplicate the card.
The deadline does not apply to ATMs or automated fuel dispensers at gas stations until 2016 and 2017, respectively, so don’t expect to see EMV terminals in those situations any time soon.
Does my business have to upgrade to EMV terminals?
If you’re a retailer with physical locations, I’d highly recommend you update your processing equipment, but you don’t have to, as long as you are comfortable with assuming the liability from fraudulent transactions.
One of the reasons the U.S. is one of the last countries to convert to the EMV standard is because the cost of conversion was higher than the cost of fraud for so long.
Dramatic increases in credit card fraud and point-of-sale data breaches has driven the industry to finally adapt this proven fraud deterrent like the rest of the world.
This could cause credit card thieves to focus on merchants that don’t adopt the EMV standards as well as online merchants, as has been seen in other countries after EMV was established.
