Government offices can add one more important decision to their list this year: On Oct. 1, the liability for not meeting the Europay, MasterCard and Visa (EMV) specifications will shift from credit card companies to merchants. Though upgrading to EMV point-of-sale systems, which authenticate purchases via a computer chip embedded in the credit card, is not required, organizations frequently encountering credit card fraud will experience heavy costs for fraud losses if they don’t upgrade -- which could spell bad news for governments that take credit card payments from their constituents.
Global payment card fraud losses have increased each year since 2000, reaching $11.3 billion in 2012, according to an Economist report. And fewer than half of the point-of-sale terminals in the U.S. are expected to meet the new EMV specifications by the October deadline, including many government entities. But Mukesh Patel, president of NIC Services, said that might not be as bad as it sounds.
Patel outlined for Government Technology the circumstances in which a government office would be held accountable for fraudulent charges. If a customer uses a counterfeit card that has an EMV chip, but the merchant doesn’t have an EMV terminal, the merchant would be liable for the charges. If the merchant has an EMV terminal and a customer pays with a counterfeit card that lacks the EMV chip, then the card-issuer would be liable for the fraud costs. The new rule encourages everyone to upgrade their cards and equipment that use the new EMV chips.
NIC Services estimates that new terminals will cost government offices about $200 to $300 each. However, offices upgrading to EMV payment systems also will need to upgrade their back-end software to handle the encrypted data properly – and pass a system certification process, which can take six to 12 months, Patel said.
“What we are recommending our partners do is to analyze their history of chargebacks, their history of fraudulent transactions, and then to really make a business decision as to whether it’s beneficial for them to invest heavily in the terminals,” Patel said. “Just from our experience, with the 28 to 30 states we work with, government services in general don’t tend to have a high fraudulence rate, because as a citizen you wouldn’t go to your DMV and renew your own driver’s license with a stolen card. It would be very easy to find out who you are.”
NIC’s general recommendation is that unless an office regularly encounters a high incidence of payment card fraud, they should wait to see what happens in the industry. Not all the specifications are settled, Patel explained – whether the industry standard will become a chip with a signature or a chip with a personal identification number is unclear. MasterCard is now piloting an authentication system that has its users send the company a picture of themselves upon payment. Magnetic strips aren’t expected to disappear anytime soon, so governments shouldn’t panic about their equipment becoming useless, Patel said. Asking for a second form of identification, he added, is a good way to reduce the already low levels of payment card fraud found in government offices.
Authentication standards are created with the intent to reduce fraud, which EMV may accomplish at physical point-of-sale terminals, though some predict the adoption of EMV will shift more fraud toward online marketplaces.