Many consumers are finding new EMV (Europay Mastercard Visa) credit cards in their mailboxes to replace their old credit cards with a magnetic strip on the back. EMV cards are commonly referred to as “chip cards” and are intended to cut down on fraud by securing personal data on a chip on the face of the credit card, rather than a magnetic strip on the back of the card. These cards have been used in Europe for nearly ten years. Chip cards are being adopted on the premise that the magnetic strip cards were easily counterfeited by simply replicating, or “skimming” the data stored in the magnetic strip onto a another card. At this point, the metal chip makes “skimming” more difficult.
Chip cards also provide more safety at the point of sale. Rather than swiping the cards, consumers will now insert the chip cards into a new reader that generates a unique code needed to approve that particular sale. The theory is that the chip card will be more difficult to use without permission because the code is constantly changing. The Federal Trade Commission (FTC) recently issued bulletins describing how the chip cards can make purchases in stores safer.
- New Technology—Same Old Phishing Scam
While the technology giving rise to chip cards is new, the cards are already causing a number of security concerns. The FTC has recently issued warnings about phishing attacks asking people to click on a link and enter personal information in order to receive a new chip card. Further, there are concerns that the cards will be intercepted in the mail while on the way to consumers.
- New Liability for Retailers
At present, only the larger retailers are using the new “point of sale” reader for the chip cards. Unfortunately, many smaller retailers have not purchased the new readers because the equipment is expensive and difficult to install. Some reports estimate retailers will spend more than $30 billion to upgrade their cash registers to handle the chip cards.
In addition to the cost of the equipment, many retailers may be surprised to discover that liability for fraud using the new chip cards may shift to them if the cards are fraudulently used at their cash registers and they have not installed the new reader. Specifically, on October 1, 2015, merchants that have not installed the new equipment face additional fees to cover costs related to any fraud committed with the cards. While reports indicate that retailers may file lawsuits against the credit card companies that attempt to impose these fees after the October 1 “integration date,” retailers may ultimately have no choice but to purchase the new equipment.
- Insurance Implications
Insurance brokers are already warning their clients about the potential liability created by these new readers and chip cards. Merchants will need to understand the new liability that has been shifted to them as of October 1, 2015, and make sure they have the proper safeguards in place. For example, many merchants are complaining that the demand for this new equipment has caused seriously delays in installing the equipment. Therefore, even merchants that are ready and willing to adopt the new equipment may have liability shifted to them while on a waiting list for installation. Consequently, merchants may need to work with their insurance brokers and insurers to address this new liability.