CONTINUE TO SITE »
or wait 15 seconds

Article

Do EMV upgrades trigger ADA review?

IADs whose ATMs were not up to ADA standards as of March 15, 2012, might want to review their portfolio before simply buying EMV upgrade kits for existing machines.

March 30, 2015

by Jack Milford Ford

Over the past year or so, there have been discussions, webinars, surveys, conference sessions and more concerning EMV migration and the steps financial institutions and IADs are taking — or not — prior to October 2016 with respect to their ATM portfolio to prepare for EMV compliance mandates from networks, as they try to insulate themselves against fraud and, potentially, any ATM liability shift as result of such fraud.

Basically, there are six options IADs are considering in regard to EMV migration (there may be more):

  1. install at new site or replace an existing non-EMV ATM with a new ATM with hardware and software that are certified EMV smartcard-compliant;
  2. replace parts of an existing non-EMV ATM with hardware and software that are certified EMV smartcard-compliant;
  3. install at new site or replace an existing non-EMV ATM with a new ATM with hardware and software that are noncertified EMV smartcard-compliant;
  4. install at new site or replace an existing non-EMV ATM with a new ATM with hardware and software that are not EMV smartcard-compliant (i.e., mag stripe reader only);
  5. remove the existing non-EMV ATM from service and cease processing transactions through it;
  6. do nothing with the existing non-EMV ATM and continue to process transactions using mag stripe technology.

The first option is the best and the most costly to implement, as it responds to the mandates of the networks and is the best risk mitigation of a liability shift.

The third option is silly and I cannot imagine that an IAD would incur the expense to install or replace an ATM with noncertified EMV equipment.

The fourth option incurs less expense than buying a new EMV compliant and certified ATM, but carries the highest risk, as one runs the risk not only of processing fraudulent mag stripe transactions and incurring the associated liability, but also of having the ATM switched off at the network level, rendering it unable to process any transactions — valid or not — that do not comply with network rules. In choosing this option for all of one's ATMs, one runs the risk of being out of the ATM business.

The fifth option is the best way to eliminate the risk of a liability shift and the least costly to implement, but is the most expensive from a business operation standpoint — i.e., "total loss of revenue."

The sixth option — do nothing — might be the most attractive option from an expense-cost implementation standpoint, but it carries the highest risk.

One runs the risk not only of processing fraudulent mag stripe transactions and incurring the associated liability, but also of having the ATM switched off at the network level, rendering it unable to process any transactions — valid or not — that do not comply with network rules. In choosing this option for all of one's ATMs, one runs the risk of being out of the ATM business.

This leaves the second option.

I believe this option potentially invites the federal regulatory mandate of the 2010 ADA standards to come back into play.

As you might recall, on July 26, 2010, the DOJ announced updates to the Americans with Disabilities Act ("the 2010 standards") that applied to ATMs. I am not going to recount the 2010 standards, but they established three key dates with respect to ATMs:

  • up to March 15, 2011, 1991 standards were applicable;
  • after March 15, 2011 but before March 15, 2012, 1991 standards were applicable, with the addition of communication features of the 2010 standards; and
  • from March 15, 2012 all of the 2010 standards were fully applicable.

I suspect that many IADs are not too concerned anymore about ADA standards. But I can assure you that various national disability associations and organizations (especially associations for the blind) and the U.S. Department of Justice are still very concerned that the 2010 ADA standards are continuously monitored and fully implemented.

This being the case, an IAD whose portfolio of ATMs was not up to 2010 standards per the March 15, 2012 deadline might want to review the ADA standards against current ATM inventory to determine that all units are in conformance before simply buying EMV upgrade kits.

So, circling back to the second option: From 2014 on, replacing non-EMV parts of an existing ATM with parts that are EMV compliant might trigger an ADA compliance issue if the ATM in question did not previously conform to the 2010 standards and was not brought into full compliance during the EMV upgrade.

I would recommend that, as part of your strategic planning for EMV upgrades, your company revisit the ADA 2010 standards with respect to any part of your ATM portfolio that was not fully compliant with those standards as of March 15, 2012.

Through all my years of practice, it has been demonstrated time and time again that "an ounce of prevention costs less than a pound of cure."

photo istock

Related Media

Recent Posts
Eurasian Bank selects Diebold Nixdorf's self-service software
First National Bank to open 30 branches
Romanian man arrested for alleged cash trapping ATM scheme
Replacing the ATM: Pros and cons of new vs. remanufactured
U.S. Bank resumes crypto custody services


©2025 Networld Media Group, LLC. All rights reserved.
b'S2-NEW'