Since the October 1 liability shift, when merchants without EMV-compatible terminals had to assume responsibility for “card present” fraud, I have spoken to many people — merchants, banks, industry analysts — about the shift and what’s coming next.
As a hyped deadline passes, there is usually a sense of “is that it?” — an anticlimax — after all the talk about surprise bills for fraud costs, and a huge shift to online fraud. But the other shoe hasn’t dropped yet. It will take some time before merchants get their rude awakening: hefty bills for fraud in their stores committed by people with stolen or counterfeit credit cards. These are bills that they have never historically had to pay, because the banks were liable.
Only 43% of merchants were even familiar with EMV cards as recently as August this year, and far fewer were EMV-ready. This means that their payment terminals cannot handle chip cards, so customers will need to use the magnetic stripe instead. In turn, any fraud committed due to a chip card having to be swiped instead of inserted will be the responsibility of the merchant. Once they start receiving bills for fraudulent card use, I suspect their minds will be sharpened and they will speed up their upgrade to chip-compatible point-of-sale terminals.
It is still early for this holiday season to feel the effects of the EMV shift, which will play out over the coming 18 months or so, according to one senior industry analyst I spoke to recently. But even without EMV, we have already seen a sharp rise in online fraud: from 0.68% of gross revenues to a staggering 1.32%, according to the annual survey by Javelin Research.
But from all the worried merchants we're talking to, it looks like this will be the most fraudulent holiday shopping period on record: the highest volumes of online spending, combined with an unprecedented amount of stolen identity data available on the dark web or in shady criminal forums.
And the fraud-fest of the holidays will not be a temporary rough patch either. Directly following that, 2016 will be when the EMV consequences start to hit merchants, especially smaller ones, most of whom are not yet EMV-ready.