In Oct. 2015, the liability for fraudulent transactions made through non-EMV systems will shift from financial institutions to merchants, providing an incentive for merchants to switch to more secure payment methods like EMV after the countless point-of-sale breaches in 2014.
Unfortunately, the POS industry isn’t out of the woods yet, and things may get worse before they get better.
EMV cards, also called chip-and-pin cards, should solve some of the problems that retailers have experienced this year. Unlike magnetic strip cards, which use a consistent code when swiped, EMV cards generate a one-time-use code every time they’re used. This means that even if hackers manage to get that number, it won’t be of much use to them.
Retailers will have to shift to EMV before the Payment Networks’ Liability Shift in October or risk legal repercussions, a push which hasn’t gone unnoticed by hackers. In fact, Experian’s Data Breach Industry Forecast is predicting a surge in cyber criminal activity leading up to the deadline as hackers rush to get their last attacks in before the systems shut them out.
To put that in perspective, Americans lose $8.6 billion to fraud every year, and the Nilson Report predicts that that number will rise to $10 billion in 2015. Though EMV is expected to avert many security breaches, the shift will be gradual, and it may be a year before the public sees any substantial positive effects.
The other problem will come from merchants who choose not to comply with the new security standard because of high conversion costs. Changing completely to EMV compliant systems will cost $8.6 billion, according to Javelin Strategy and Research. Merchants who choose to stick with their old POS systems to save money will still be open to cyber attack.
Though 2015 may be another bumpy year, there is hope for the future. Europe has already transitioned to EMV with widespread success, so as long as merchants and shoppers do their part, there should be one less security concern to worry about in a few years’ time.