dropdown-arrow

Retailer Cyber Attacks and Implications of the EMV Liability Shift

article-image

Almost half of the world’s credit card fraud takes place right here in the United States. To combat that trend, new technology has been adopted in the form of Europay, Mastercard and Visa (EMV) “chip and PIN” credit cards.

Many of us are used to the traditional method of swiping credit cards through a device that reads cardholder data via a magnetic stripe. In the coming months consumers may notice a significant change in the way these credit card transactions occur. Credit cards equipped with the new EMV technology will have a chip containing dynamic authentication information that changes with each transaction. Customers can then enter a personalized PIN number.

Merchants will be able to accept payment three ways, each method having varying degrees of security:

  • Most Secure: Customers insert the EMV card and enter their PIN number. 
  • Less Secure: Customers insert the EMV card and sign the receipt. 
  • Least Secure: Customers swipe the EMV card and sign the receipt, as they currently do, since the new EMV cards can still be used on the traditional swiping terminals. 

In order to take advantage of the new and more secure method of payment, issuing banks will need to provide the new cards to their customers and merchants will need to upgrade their payment terminals.

This is where the “liability shift”, effective October 1, 2015, comes into play between the card-issuing bank and the merchant. Consider these two scenarios:

  • Liability for counterfeit card transactions shifts to the merchants -
    The bank issues the new “chip and PIN” credit cards to customers. The merchant does not upgrade their traditional magnetic swipe terminals to accept the new cards. The new cards are used at the merchant store. The merchant is breached by hackers and counterfeit cards are created and used. 
  • Liability for fraudulent card transactions falls upon the bank
    The bank issues only the traditional magnetic stripe cards. The merchant upgrades their terminals to accept the new “chip and PIN cards”. The magnetic stripe cards are used at the merchant’s store. The merchant is breached by hackers and counterfeit cards are created and used. 

EMV technology has been adopted outside the United States and has proven to be an effective way to significantly reduce credit card fraud for in-store purchases.

It should be noted that the new EMV technology will not prevent credit card fraud for online shopping, or anytime a credit card is not physically present for a transaction. In fact, the new technology may drive hackers to focus even more if not all of their efforts on online transactions.

HUB Risk Services has tools to help you protect your clients from cyber breaches and important information that explains how your PINs and passwords can easily be hacked.

Contact a Cyber Risk expert today.