Outdoor EMV liability has officially shifted for the convenience store industry.
As of midnight on April 17th, 2021, convenience store operators are responsible for fraud that happens on their forecourts.
What Does This Mean for Retailers?
Prior to the liability shift, most pay-at-the-pump dispensers used magstripe technology to verify credit card payments. The problem is, data from magstripe cards can be easily stolen and duplicated using devices called “skimmers,” creating an enormous black market for identity theft.
EMV “chip” technology encrypts customers’ financial data, making it much more difficult for criminals to steal credit card information. EMV stands for Europay, Mastercard, and Visa, the founders of the encrypted chip technology.
Until now, those banks have assumed liability for fraud occurring at fuel dispensers.
Now that the liability shift has occurred, the retailers now own the fallout from fraud. In other words, c-store retailers are now on the hook for fees and legal issues related to fraud that occurs at their stores.
On the other hand, retailers with outdoor EMV technology don’t have to worry about liability.
EMV regulations have been in place in Canada and much of the world for the last decade with great success. U.S. retailers have been slower to make the move, causing deadline delays. But as we know now, the deadline is sticking and the “chargebacks” are now your problem.
What is a Chargeback?
You can learn all about chargebacks here, but we’ll do the cliff notes now.
There are two types:
Lost and Stolen – Like you might expect, a card can be either lost or stolen. The fraud occurs when it’s used by someone to run up charges before the victim notices.
Counterfeit Fraud – This is where the liability shift is happening between the card networks and retailers. In this scenario, a criminal uses low-cost equipment to create brand new magstripe cards with stolen, but valid data.
The data is typically purchased on the dark web from other criminals who skimmed it from other unprotected gas pumps. In some cases, organized crime syndicates both skim the card data and create the fake (but very usable) cards.
What Now?
Now that fraud liability has shifted, it has created two buckets of convenience stores: EMV have's and EMV have not's.
Many retailers have already taken the steps to install EMV on their forecourts well ahead of the deadline.
Maplefields, a c-store retailer in Northern New England, has been 100% EMV compliant since January 2021.
“If you’re not EMV-compliant by the deadline, then it all falls back on you. Breaches, chargebacks, those are 100% yours,” says Maplefields’ IT Director, Skip Potter. “You own those. And I’ll tell you, one breach? That could destroy your company.”
Watch more here:
The rush to install has created a backlog, causing late-to-the-game retailers to wait in line for their upgrade appointment. Then, there are retailers who haven’t made plans to upgrade at all. Most believe they won’t become a victims of fraud, but experts believe differently.
Via Digital Transactions:
In an example offered by Mercator, an operator with 12 locations spread evenly among areas deemed be low-, medium-, and high-risk, would face fraud liability totaling $17,315 per store over 12 months, or $207,783 overall. “This could change dramatically depending on the risk position of each station, and it should be noted that Mercator’s calculation takes a decidedly conservative approach,” said Tim Sloane, vice president of payments innovation at Marlborough, Mass.-based Mercator, in a statement.
Bottom Line
Despite the delays and COVID-19, one fact remains: the demand for payment technology is ever-increasing and ever-changing.
No one wants to shop on a website that is vulnerable to hacking, so why expect your fuel customers to shop at a vulnerable dispenser?
If you are a retailer who hasn’t started your EMV plans, you need to begin as soon as possible.
Contact our expert payment team today to begin the outdoor EMV process.