3 Ways CHIP/EMV Technology Can Affect Cyber Liability

With experts predicting losses of nearly $10 billion for this year alone incidents of credit card fraud and related costs are on the rise.

These growing costs have prompted the credit card industry to reduce in-person counterfeit credit and debit card fraud by implementing CHIP or EMV (EuroPay, MasterCard and Visa) technology.

In addition to enhanced consumer protections, the introduction of CHIP/EMV technology protects the industry from a pending shift in the payment networks’ liability framework, which affects who is responsible for compensation costs for in-person fraudulent credit card transactions.

“Under federal law, if a card holder’s credit card number is stolen, but not the card, the consumer is not liable for any unauthorized use. The responsibility currently falls on the bank or financial institution that issued the payment card,” explains David Derigiotis, Corporate Vice President and Director, Professional Liability Center of Excellence, at Burns & Wilcox. “However once the new policy comes into effect this October, retail merchants will also be liable for fraudulent charges if they are not supporting EMV technology.”

According to Derigiotis, this could have a significant effect on cyber liability policies held by many retail merchants. Derigiotis has outlined three ways the shift to EMV cards will affect cyber liability:

1. Online purchases

As EMV cards are more difficult to replicate and use for in-store purchases, experts predict an influx of fraudulent online purchase attempts in the near future. Businesses therefore need to be mindful of their online presence and their capacity to accept online payments. To address this increased risk, brokers and agents should work with their retail merchant clients to ensure their e-ecommerce system has the right protections and adequate limits in place.

2. Payment Card Industry Data Security Standards (PCI DSS)

The PCI Data Security Standard is followed by many global payment brands to enhance control over cardholder data. Should a retail merchant be found non-compliant with these standards, they may receive a fine and/or penalty from the payment card brands they have partnered with. This fine can be covered under a cyber liability policy, however if the organization has not updated their technology to accept EMV cards, the insurance company may be unwilling to cover the cost. To ensure any incurred fines or penalties continue to be covered by a cyber liability policy, organizations should update their technology to accept EMV cards.

3. Insurance Premiums

Updating the point of sale (POS) technology to read EMV cards not only mitigates the risk of credit and debit card fraud, it demonstrates to insurers that an organization has a strong approach to risk management and cyber security. From an underwriting standpoint this positions the organization as a “better” risk and can result in more affordable insurance premiums on their cyber liability policy.

Without EMV technology, retail merchants are not only placing their customers at risk for counterfeit fraud, but placing themselves at risk of being held responsible for compensation costs. Worst still, without the proper insurance in place they may incur significant out-of-pocket losses if found liable. By adopting EMV technology and having a strong cyber liability policy in place retail merchant clients can be sufficiently armed to fight credit card fraud.

Additional Sources:
http://www.paymentsleader.com/will-retailers-be-ready-for-emv-by-oct-2015/

http://www.usatoday.com/story/money/personalfinance/2015/06/20/emv-cards-nerdwallet/28875861/