I am working on a major article for Parking Technology Today coming out in July. I am in receipt of a document from Visa that I will share with you in the article. But I thought you might like a taste:
Myth: All US Merchants must be set up to accept chip payments by 1 October 2015.
Reality: US merchants are NOT required to support chip processing. However Effective 1 October 2015 the Visa global POS counterfeit fraud liability shift will be instituted in the US. With this liability shift, that party that, due to their lack of chip technology, is the cause of a contact EMV ship transaction not occurring (i.e. either the issuer or the merchant’s acquirer) will be held financially liable for any resulting card-present counterfeit fraud losses.
- Issuers retain counterfeit fraud related liability if they do not issue chip card
- Conversely, acquirers assume counterfeit liability if the magnetic-stripe data from a contact ship card is copied and used in a non-contact chip terminal.
What this means:
One purpose, among others, of issuing the chip card is to prevent fraudulent duplication of the data on the card (which is relatively easy with a mag stripe card.) So if the card is cloned the responsibility for the transaction is moved to the issuing bank if it does not issue chip cards, or to the acquirer (the company processing the transaction for the merchant and hence to the merchant) for the fraudulent amount charged. This is for transactions where the card is present. It is not true for transactions where the card is not present (like over the internet.) It is also not true if the card is stolen and used before the theft is reported. The liability is ONLY placed on the merchants if the card is counterfeited and used at a terminal that is not chip enabled.
What is your liability assuming you do nothing. Its the cost of a parking space. If its on street it may be only a few dollars, and beside, how often are counterfeit cards used for small ticket items. Off street, when dealing with long term parking, like an airport, and monthly permits, may be different. Also if you are a city or a university and have many different potential charges on the cards, the risk may be higher.
Unfortunately you have to review carefully your potential liability and decide whether to upgrade equipment now, or wait until you would normally upgrade, at the end of its natural life.
Nothing is ever easy, is it.
Stay tuned for more Myths and reality.
JVH
3 Responses
Just to let your American readers know some more information on this item, when Chip & PIN started in Europe in February 2005 it was mandated by EMV that any new cashless devices installed from February 2005 had to be complaint However existing equipment could remained the same just working on the magnetic stripe and with a liability shift to the merchant. In reality very few transactions made to pay for parking are made with cloned cards
More than 10 years have passed and we still have non chip and PIN installations in parking just reading the magnetic stripe code. Although higher charges can apply for these transactions.
Even more important the European parking payment market is now adopting Chip and contactless without PIN pads as this reduces cost, makes transactions faster, are more user friendly and believe or not are cheaper to make than Chip & PIN and without any liability risk.
Manny — that is exactly what is happening here. rta — as you see above, no pin is required to be installed.
Now to the larger issue. Why is there so much confusion. I lay that at the feet of Visa. They are driving this airplane but make it extremely difficult to talk to anyone “on the record” and even though the ‘myth’ versus reality fact sheet has been out a year, most of the people speaking to this at trade events (like PIE, for instance) are from the vendor industry not Visa. The vendor industry has a vested interest in changing out as much equipment as possible, at all levels. Therefore although they don’t, I think, purposefullly7 mislead, they do tend not to make specific statements. I mean, what if they said “you don’t have to change out your equipment but if you don’t, the liability will be minimal.” and then they get some guy at an airport who owes $750, uses a cloned card, and viola, the airport is stuck. They will then go after the vendor and say “dammit, you told me I didn’t have to do this, and now I’m out $750. What kind of vendor are you. So they sing and dance. Visa puts out myth versus reality, but refuses to go on the record saying that the risk to our industry is very small (I’m sure lawyers were involved in that decision.) And there you go.
JVH
The bigger issue for a parking operation is whether they (credit card companies) will require a “pin” code with those chip cards. It’s no big deal when your at a pay-on-foot or making a payment in an office, but if it’s an in-lane payment then that’s going to add time to the transaction. When you’re looking at a large facility the addition of even 10-15 seconds per transaction can add up really fast, especially in locations that have requirements in their operating contracts for the length of time cars can sit in line.