By October 1, 2015, many people in the U.S. who use credit cards will likely notice changes when they pay for purchases at retail stores. The reason for the change is the “EMV liability shift” scheduled to occur on October 1 (EMV is an acronym for EuroPay, MasterCard, and Visa). As we had previously described, the “liability shift” is an incentive for both merchants and card issuers to increase card security and reduce counterfeit card fraud. Note that many U.S. consumers have already begun receiving new cards with chips.
Retailers should note that there are two ways to implement the new EMV standard: chip-and-PIN and chip-and-signature. Chip-and-signature is closer to the current way credit cards are used in the U.S.: the cardholder will insert the card into the reader and then sign a pad or paper receipt. The concern with this form of EMV implementation is that, although the chip makes counterfeiting the card much harder than is the case with the current magnetic stripe cards, using a signature means that a stolen credit card can still be used by a thief, who would only need to sign his/her name.
In contrast, chip-and-PIN represents a more dramatic change for retail customers, although it is commonly used in many other countries around the world. The chip-and-PIN process resembles an ATM transaction: the cardholder inserts the card into the reader, and then enters a PIN associated with that card. That “something you know” element (PIN) is intended to be a form of authentication that the person using the card is the legitimate owner. The combination of “something you have” (the card) plus “something you know” (PIN) is designed to provide a higher level of security.
Regardless of which method is chosen, if they have not already done so, merchants should consider switching to the new EMV technology now, in order to have the devices and systems tested and in place prior to the October 1, 2015 “liability shift.”
For those merchants who have already started to switch to EMV technology, in addition to testing the new equipment and training employees, merchants should consider posting notices or otherwise informing customers of the upcoming changes. If the merchant has selected chip-and-signature, probably the biggest change for consumers will be the requirement to leave the card in the reader until the transaction is done. If the card is removed too early, the transaction will not be completed and the customer will need to begin the transaction again—delaying checkout, at a minimum.
If the merchant has selected chip-and-PIN, in addition to the requirement to leave the card in the reader, the consumer will be required to enter the PIN associated with the card. What happens if the customer doesn’t know his/her PIN? Unlike the situation above where the customer need only re-insert the card to complete the transaction, obtaining/resetting a PIN is not within the customer’s sole control. Will customers want to contact their payment card company/bank at that moment via their cell phones in order to obtain the PIN—delaying checkout? Will the customer abandon the transaction? Will the merchant decide to use in this instance the chip-and-signature or current technology (magnetic stripe “swipe” plus signature) to complete the transaction but assume the potential liability?
Merchants selecting chip-and-PIN may wish to avoid the need to answer those questions. Alerting customers that this change is coming and that customers will need to enter their PINs for payment card transactions in stores after October 1, 2015 can help everyone adjust to the new cards. In addition, merchants may wish to include an alert/reminder to consumers in their advertising for the December holidays, to help minimize potential issues at checkout while receiving the benefit of a more secure payment card.