EMV or chip card technology (named after its original developers Europay, MasterCard and Visa) long used in Europe, makes it harder for criminals to produce counterfeit credit and debit cards. EMV chip technology is becoming the global standard for credit card and debit card payments. Chip-enabled cards are standard bank cards that are embedded with a micro-computer chip. Some may require a PIN instead of a signature to complete the transaction process. Unlike magnetic-stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that cannot be used again. EMV technology will not prevent data breaches from occurring, but it will make it much harder for criminals to successfully profit from what they steal.
If fraud occurs after EMV cards are issued, who will be liable for the costs?
- Before October 1, 2015, if an in-store transaction was conducted using a counterfeit, stolen or otherwise compromised card, consumer losses from that transaction fell back on the payment processor or issuing bank, depending on the card's terms and conditions.
- Following the Oct. 1, 2015 deadline created by major U.S. credit card issuers MasterCard, Visa, Discover and American Express, the liability for card-present fraud shifted to whichever party is the least EMV-compliant in a fraudulent transaction
So, that means that in most instances, if a restaurant does not have EMV technology and there is card-present fraud because of the use of a chip-enabled card, then the liability will rest with the restaurant.
The restaurant industry has been slow to embrace EMV technology for a number of reasons.
- There has traditionally not been a lot of fraud at restaurants so the cost-benefit analysis of converting to EMV technology has not made business sense to date
- There is a backlog for merchants that only ordered their EMV-capable equipment last fall.
- Required certification of each merchant’s EMV process is delayed due to a backlog of requests.
- The certification process itself can be complex (dealing with software and hardware vendors) and slow, taking a month or longer.
There has been an uptick in the number of chargebacks against restaurants that do not have the EMV/chip technology. Because the liability shift places the responsibility on the least compliant party (the business without EMV technology is usually the least compliant), restaurants have been a large fraud target.
Generally, EMV-ready restaurants—from QSRs to fine-dining— should follow these procedures:
- Insert chip cards in the terminal and follow the instructions.
- If the chip card can’t be read and it needs to be swiped instead, have the clerk/server check for ID and get a signature (the merchant can still be liable, but for a less likely fraud).
- If the chip card is declined, do NOT accept it.
- If the clerk/server is going to manually enter card data because the customer insists on using a card that does not have a chip or a readable magstripe, then make sure they check for ID and get a signature and a card imprint, if practical (again the merchant will be liable but for a less likely fraud).
Businesses that are not EMV-ready are liable for card fraud, so they should consider checking ID for all card transactions.