CO-OP: Oct 1 Just a Step Along the Way to EMV Compliance

Across the payments industry, there has been much discussion about recent October 1 deadline for EMV compliance. Set by MasterCard, Visa, Discover and American Express, this is the date when the least EMV-compliant entity – either the merchant or card issuer – assumes liability for counterfeit card fraud during U.S. card-present transactions.

While this liability shift ultimately alters the way counterfeit card fraud is addressed, the question remains: What changes can we expect to see out in the marketplace, and what do these changes mean for credit unions?

Expect Business As Usual

“For the most part, October 1 will come and go with very little impact on the way credit unions do business,” said Michelle Thornton, director of product development for CO-OP Financial Services. “Even though the vast majority of merchants are not ready for EMV, credit card issuers are, and many of the nation’s largest merchants will be in compliance as well. Where EMV becomes a near-term issue for credit unions is with smaller merchants that see migrating to the technology as either unrealistic or cost prohibitive within this time frame.”

In fact, a recent article cites projections by Javelin Strategy & Research that up to 75 percent of all merchants, primarily small businesses, will not implement EMV technology by the deadline. While statistically speaking that is a big number, Thornton advises credit unions to keep the data in perspective.

“If you look at your overall transaction volume and then examine where fraud is occurring, you will find that roughly half of your fraud today occurs in card-on-file or online payments as opposed to in-store,” she said. “Given that most brand-name merchants are expected to migrate to the technology by the end of this year, we are talking about a relatively small number of transactions over which credit unions could potentially shift some liability to a merchant.”

EMV for Debit Could Take Years

According to Thornton, the nation’s migration to EMV for debit will take much longer than for credit due to regulatory complexities. “The Durbin Amendment has dramatically delayed the adoption of EMV for debit here in the U.S.,” she said. “This is because the technology as it existed only supported transaction routing to a single network, and Durbin stipulates that debit cards, regardless of their method of authentication, must allow transactions to be routed to more than one network. A solution for this issue was only agreed upon last year. For many merchants, moving the technology from here to there is a complex task that may take years to complete – not weeks or months.”

Thornton maintains that, given these realities, the October 1 deadline should be viewed as more of an incentive to migrate to EMV than a mandate. “As a credit union, you should have a strategy in place and be working toward EMV compliance,” she said. “Remember that if you become the last credit union to implement EMV security, at some point fraudsters will find your BIN and create false cards.”

New Point-of-Sale Procedures

For consumers, EMV will present some changes at the checkout counter. “When consumers use an EMV card at an EMV terminal, they are required to insert the card instead of swiping it – even if it has a magnetic stripe,” said Thornton. “And once the card is inserted, it remains in the terminal for the duration of the transaction so communication can take place between the terminal and chip. Today, we are accustomed to swiping cards that never leave our hands. So, letting go of cards – and remembering to retrieve them – are new practices we all have to learn.”

Ultimately, Thornton thinks that EMV adoption will considerably reduce counterfeit card fraud, but not all fraud. “The nature of EMV technology makes it virtually impossible for fraudsters to produce counterfeit cards,” she said. “However, we are cautioning credit unions to pay close attention to online transactions going forward. We expect fraudsters to shift their focus to the online world simply because duplicating EMV cards is so incredibly difficult to do.”

She continued, “EMV delivers far-reaching benefits to U.S. financial institutions, merchants and consumers. In addition to preventing many instances of fraud, it will incentivize merchants to upgrade their systems to support other emerging technologies, such as near field communication (NFC) used in the new mobile wallets. However, it is important to remember that in most parts of the world the transition to EMV took about ten years. Here in the U.S., we are trying to migrate to EMV in just two or three years. So, while as a credit union you need to become EMV compliant as soon as possible, you shouldn’t panic if you are not there by October 1.”

For more information on EMV for debit, download CO-OP’s new white paper, “Common AID & EMV for Debit: What You Need to Know,” here.

For more information on what to expect during the transition to EMV, register here for their webinar, A New Era in Security after the EMV Liability Shift, scheduled for October 14 at 10:00 AM PT/1:00 PM ET.

Questions about this story? Contact James Pearson: 206.340.4790,

Posted in Compliance News.