Partner content provided by Bank of America Merchant Services
The excerpt below is from a recent white paper published by Bank of America Merchant Services titled, “How to Prepare for EMV.” To learn more about EMV, view and download the full report, or contact a Bank of America Merchant Services business consultant.
In 2011, Visa and MasterCard announced that starting in October 2015, any face-to-face counterfeit fraud losses would be the responsibility of the party that had the least secure authentication capability, with EMV being the most secure card standard. This is referred to as the “liability shift.” Thus, if a merchant’s POS device could not recognize a card issued with a chip, the fraud loss would be charged to the merchant. However, if a merchant’s POS device could accept a chip card, but a counterfeit card used for payment had a magnetic stripe only, the issuing bank would be charged for the loss. In the event that neither party adopted EMV standards, the current fraud liability standards would apply.
While the networks have not mandated whether banks must require “chip and signature” or “chip and PIN,” some are already considering PIN authentication a more secure option. In “chip and signature,” a cardholder presents an EMV card into a POS reader, and otherwise signs the sales draft as they would with a magnetic stripe card. With “chip and PIN,” the cardholder keys in a PIN instead of signing the receipt, allowing the retailer to rely on the bank’s authentication rather than having a sales clerk verify the draft signature against the signature on the back of a card. The advantage of “chip and signature” for banks and merchants is that it most closely resembles the checkout process today. But, some experts argue it does not authenticate the cardholder’s identity as well as a PIN does, and lost or stolen cards can still be used. The advantage of “chip and PIN” is that both the card and cardholder are effectively authenticated. PIN initiation, however, is a more onerous process for the banks and cardholders; as a result, there is more complexity and less adoption of implementation.