The next debit card you get will probably have a little golden chip in it, and that’s a good thing.
The chip will make it much less likely that someone can counterfeit your debit card and go on a shopping spree, so you won’t have to spend any time calling your bank and arguing with them about who bought that stuff, or waiting for the bank to refund your money.
For banks, it’s maybe not such a great thing. It will cost them about $1.4 billion to issue chipped “EMV” cards, for Europay, MasterCard and Visa. So why are they going to do it anyway? In part because of ratcheting pressure from MasterCard and Visa.
‘Liability shift’ coming
A deadline is rapidly approaching called the “liability shift.” On Oct. 1, 2015, MasterCard will reprogram its computers to change the way it handles who pays for fraud to encourage EMV chip adoption.
Normally it goes like this:
- A thief goes to a retailer or other merchant, buys a bunch of stuff on your stolen or counterfeited debit card.
- You notice it on your checking account statement and call the bank to complain.
- Your bank, the issuer of the debit card, ultimately covers the cost of the fraud.
After the liability shift, it will go like this:
- A thief makes a bunch of fraudulent purchases.
- You notice it and complain.
- Whoever failed to adopt EMV technology — the issuing bank or the merchant — has to cover the cost of the debit card fraud.
“Everyone in the system is allowed to decide when and how they’re going to migrate to EMV,” says Carolyn Balfany, senior vice president of product delivery at MasterCard. “What the liability shift says is, whoever does not invest in the upgrade to the technology in this pursuit of eliminating fraud will be responsible for any resulting fraud.”
Consumers don’t bear liability (at least not yet)
Notice that neither of the above scenarios involves you paying for the fraudulent purchases.
That’s important because in other countries where EMV chips has been adopted, including the United Kingdom, liability for some fraudulent purchases has shifted to consumers. In those countries, if someone manages to commit fraud with your debit card, you may be held liable because you presumably did not guard your payment details carefully enough.
That’s not the case in the U.S., Balfany says.
“You as a consumer are never responsible,” Balfany says. “Whether it’s magstripe, chip, I don’t care. You’re never liable.”
That could change in a few years.
Unlike the European version of EMV, American debit card holders won’t have to use a PIN when they make credit card type purchases right away — unlike the European version of EMV cards — but that shift is coming in 2020, Balfany says.
But when U.S. banks do adopt a PIN for all card transactions, it could create headaches for victims of fraud. That’s because it could be more difficult for debit card holders to convince a bank that they’re a real victim.
“We’ll have to see how that nets out,” Balfany says. “Typically, consumers are not liable,” except in cases that look like “friendly fraud,” where an associate of the cardholder makes purchases that the cardholder then denies responsibility for.
“Then really it becomes something that needs to be resolved between the bank and the cardholder,” Balfany says.
What’s an EMV anyway?
You know all those data breaches at large retailers you keep hearing about? Part of the reason that criminals are so eager to capture the payment information from consumers’ debit cards is it lets them print counterfeit cards and use them to make as many fraudulent purchases as possible before getting shut down.
The magnetic stripe technology now in use makes that pretty simple. You can go online right now and buy a printer capable of replicating debit cards by the hundreds if you have the necessary numbers handy.
With EMV chips, a thief would have to replicate the exact construction and programming of the chip, and have it solve what amounts to a difficult math problem in the exact same way as the original chip would have. That’s a lot tougher than replicating a simple magnetic stripe, assuming it can be done at all.
“This is hugely significant because of the rate of counterfeit fraud,” Balfany says.
However, to make EMV work, you need a chip card and a chip terminal to read it. Banks, which will have to pay for issuing the new EMV cards, have been reluctant to shell out the cash to do so. But the closer we get to the liability shift, the prospect of footing the bill for fraud may be a powerful motivator.
“The end game that everybody wants is to create what we call chip-on-chip transactions, because we want chip cards to show up at chip terminals, so that it’s a more secure transaction and fraud just moves out of the system,” Balfany says. “The real point is to create a point in time where hopefully most are investing to upgrade.”
What do you think? Do you want a chip in your card to prevent fraud?
Update: An earlier version of this post mistakenly said that under the current liability structure, merchants typically cover the cost of fraud. Actually, that cost is typically covered by the bank who issues the debit card.
Follow me on Twitter: @claesbell.