October 1st is almost upon us and with it comes the official liability shift date for EMV. Because there continues to be a large amount of misinformation circulating about EMV I want to take a moment to revisit what October 1st means for merchants.
You are not required to adopt EMV as of October 1st and there is currently no official date where adoption will be required in the future. On October 1st, liability for fraudulent transactions perpetrated with an EMV chip embedded card simply shifts to the least compliant party. What this means is that if you are EMV enabled and you run a chip embedded card as an EMV transaction for a fraudulent transaction, the liability will not rest with you as the merchant. Instead, the card brand (Visa, Mastercard, etc) will assume liability for that chargeback. This liability shift only applies to card present transactions with EMV enabled cards that are processed as EMV cards. Merchants that are not yet EMV enabled will continue to be responsible for any fraudulent transactions that are perpetrated at their stores, the same liability that currently exists.
With that said, EMV remains an important piece of the credit card security puzzle and is something you need to consider as part of your overall data security plan. However, as noted in our previous EMV publications, due to the complexity of this change, the credit card processing industry is behind with regard to the certification process for EMV solutions. As a result, we do have an EMV solution available now for those stores that absolutely need it now, but we feel it will be prudent for most of our customers to wait based on the information below.
- All customers wanting to add EMV capability must upgrade to our latest version: V8.2.1 which is now in general release. Regardless of your decision on EMV, all customers will be upgraded to V8.2.1 or higher by June 1, 2016.
- If you need to implement EMV immediately:
- You will need to change processors to Mercury Payment Systems.
- You will need to purchase a VeriFone VX805 (price is $350). The device is not a signature pad -- it only accepts credit cards (EMV or swipe). You will continue to use your VeriFone MX880* to capture signatures and the credit card functionality on that device will be disabled. Basically, you will have two separate devices, one to process cards and the other to capture signatures.
- If you can wait to implement EMV:
- You may not need to change processors. We are currently awaiting EMV certifications with:
- First Data
- Heartland Payment Systems
We've been told to expect all of these to be available by year end but we don't have any control nor input on this part of the process. As these processors are certified, we will notify you.
- You will have the option of using one device to process cards and accept signatures. We've been told that signature pad certification will occur in the first quarter of 2016. At that point, you will have the option of either using one device to process cards and capture signatures, or the new option of using your existing MX880* along with the VX805 which is a less expensive option.
As I mentioned in the opening, EMV is just one piece of your overall credit card security strategy. You should also be planning to implement point-to-point encryption, and in the coming months as the industry gets caught up, tokenization, and NFC (ApplePay, Google Wallet, etc), which will all be available together. Before you make any decisions, I strongly recommend that you watch this webinar hosted by RMS President & CEO Brad Jones (also available on our website: www.rm-solutions.com/emv). This webinar will give you a more in depth look at EMV and the other technologies you should be considering to help you to make your decision on how to proceed.
Customer Success Manager
*NOTE: while the vast majority of our customers currently use the MX880, we will need to discuss other options for those who don't.