EMV Chip Cards: Who is Really Benefiting?
Christopher M. Barber, KLJ Staff Editor[1]
Many U.S. consumers have begun to notice a change in the transaction process when making a purchase with their new Europay, MasterCard, and Visa (EMV) chip card. This trend, in large part, is due to the overwhelming number of data breaches that merchants and retailers, most notably Home Depot and Target, are experiencing.[2] In an effort to decrease the amount of fraud that occurs in the United States, U.S. card issuers are following the lead of many other countries and making the transition to EMV chip cards.[3] These cards offer consumers more protection against fraudulent activities by using a computer chip located on the front of the card, which produces a one-time only transaction number for each different purchase, thereby eliminating any future transactions with that same transaction number.[4] This differs from other cards, which use only the magnetic-strip on the back of the card; cards were formerly assigned one unchanging transaction number for all purchases, thereby allowing an unlimited amount of uses if the transaction number was stolen.[5]The transition to EMV chip cards was initiated by EMVCo, a coalition of American Express, Discover, JCB, MasterCard, UnionPay, and Visa, who strive to “facilitate worldwide interoperability and acceptance of secure payment transactions.”[6] Merchants will be required to update their point of sale (POS) systems and terminals to accept EMV chip cards or else assume liability in the event of fraud.[7]October 1, 2015, was the first “Liability Shift” date from U.S. card issuers such as MasterCard.[8] This shift date was meant to incentivize merchants and retailers to update their POS systems and become EMV chip compliant.[9] However, many merchants and retailers could not comply with this date due to cost, and are currently liable for counterfeit fraud.[10] Generally, after these shift dates, the least EMV-compliant party will be held liable for any fraud resulting from a transaction; this is true whether the least compliant party is a card issuer that failed to give an EMV chip card to its user, or whether the least compliant party is a merchant that failed to install EMV chip reading machines in its stores.[11] However, if both parties are EMV-compliant, the liability will fall upon the card issuer.[12]Visa has seen an enormous increase in the usage of EMV chip cards over the past year.[13] Likewise, MasterCard reports that as of July 2016, 88 percent of MasterCard users have EMV chip cards, and 33 percent of all merchant locations on its network have EMV chip-enabled technology.[14] Data from MasterCard shows there has been a decrease of 54 percent in counterfeit fraud costs to merchants who have completed, or are close to completing, the adoption of EMV technology; at the same time, there has been an increase of 77 percent in counterfeit fraud costs among merchants who have not converted.[15]While most merchants have already started to make the transition to EMV chip certified terminals, not all merchants have done so. The estimated cost for transitioning to EMV- compliant equipment will average from 8.5 to 35 million dollars for the entire U.S. market.[16] This transition is expensive and costly for many merchants; for this reason, some businesses have chosen not to adapt to the new EMV chip technology requirements.[17] While many merchants do not have the capital to make this transition, they fear that consumers will begin to shop elsewhere due to a lack of security in transactions.[18]Currently, there is ongoing litigation in B&R Supermarket, Inc. v. Visa, Inc., where the Plaintiffs represent a class who argue that EMVCo and its card-issuing members conspired to enforce the “Liability Shift” of fraud onto merchants until the EMV chip technology was certified by EMVCo.[19] Even though the Plaintiffs had purchased the EMV chip-enabled technology, it had yet to be certified by EMVCo and the Plaintiffs were charged for all fraudulent transactions, which previously were paid by the card issuer.[20] Plaintiffs further allege that EMVCo and its card-issuing members knew it would take an extensive amount of time to fully transition to EMV chip-enabled technology.[21] Canada began its EMV chip transition in 2008; as of 2014, EMVCo has reported that only 59.5 percent of merchants had adopted EMV-compliant technology.[22]While the goal of making transactions more secure is being accomplished, it is clear that this transition to EMV-compliant technology allows card issuers to benefit by shifting liability to other parties. Until all merchants within the U.S. have transitioned to EMV chip-enabled technology, card issuers will not be liable for every fraudulent transaction like they were in the pre-EMV days. Regardless of the final result of B&R Supermarket, Inc. v. Visa, Inc., as of now U.S. merchants are required to make the change to EMV chip-enabled services, or continue operating under the constant threat of fraudulent transaction liability.[1] J.D. expected May 2018.[2] See Anthony J. McFarland, Data Breaches Drive Retailers To Update Payment Systems, Law 360 (Oct. 9, 2016, 9:45 PM), http://www.law360.com.ezproxy.law.uky.edu/articles/578881/data-breaches-drive-retailers-to-update-payment-systems.[3] Id.[4] Sienna Kossman, 8 FAQ’s about EMV credit cards, http://www.creditcards.com/credit-card-news/emv-faq-chip-cards-answers-1264.php.[5] Id.[6] EMVCo, https://www.emvco.com/about_emvco.aspx.[7] See Christopher J. Thanner, Chip Enabled Card Compliance Will Hit Some Merchants Hard, Law 360 (Oct. 9, 2016, 8:15 PM), http://www.law360.com.ezproxy.law.uky.edu/articles/713057/chip-enabled-card-compliance-will-hit-some-merchants-hard.[8] Id.[9] Id.[10] Id.[11] Id.[12] Id.[13] Visa tracked 630 million EMV chip card transactions, which was a 1,050 percent increase from 2015; EMV chip card-enabled merchants make up 37 percent of Visa’s transactions. Visa U.S. Chip Card Update: August 2016, Visa.com, https://usa.visa.com/visa-everywhere/security/visa-chip-card-stats-august.html.[14] Mastercard Chip Momentum: Reducing Fraud One Year In, MasterCard.com (Sept. 12, 2016) http://newsroom.mastercard.com/press-releases/mastercard-chip-momentum-reducing-fraud-one-year-in/.[15] Id.[16] Thanner, supra note 7.[17] Eric Naing, Businesses wary of buying EMV hardware, poll says, CQ Roll Call (Oct. 9, 2016, 9:00 PM), https://1.next.westlaw.com/Document/If469129e8ca011e598dc8b09b4f043e0/View/FullText.html. . . .[18] McFarland, supra note 2.[19] See B & R Supermarket v. Visa, Inc., No. C 16-01150 WHA, 2016 U.S. Dist. LEXIS 136204 (N.D. Cal. Sep. 30, 2016).[20] Id.[21] Id.[22] Id.*Featured image by Dennis S. Hurd, licensed under Creative Commons CC BY-NC-ND 2.0.