MasterCard has announced a liability shift for its domestic ATM transactions on EMV-issued cards, effective Oct. 1, 2016.
You probably knew that, I’m just making sure you’re awake!
Did you also know that no network, including MasterCard and Visa, has made any indication that they will require mandatory EMV upgrades to ATM equipment?
It’s true. ATM owners are not strictly required — by rule, regulation or legislation — to make the investment in the EMV security standard. You don’t have to upgrade.
What’s also true, however, is that, as of the MasterCard and Visa deadlines, liability from counterfeit card fraud transactions will shift from the issuers of EMV-enabled cards to the party that has not made the investment in EMV equipment — the ATM owner.
You’ve probably seen the market-wide numbers and prognostications regarding average fraud losses per incident, costs of upgrading to EMV and whether criminal activity will increase or decrease on either side of the deadline. Still, you might be thinking that market-wide numbers aren’t as meaningful as what’s going to happen where you live or where your ATM is located.
The question you are likely asking yourself right now is — What does EMV and the fraud risk profile look like where my ATMs are installed?
Some ATM owners may be reviewing their portfolio transaction history as part of their deliberations regarding fraud liability vs. ATM upgrade expenses. Some owners may consider ATMs with primarily domestic transactions, particularly in more rural communities, to be less risky compared to high-volume locations near transportation hubs.
In response to any such deliberations, I offer both a statement and a question:
Past performance is not necessarily indicative of future results.
Are you feeling lucky?
Regardless of whether MasterCard and Visa absolutely compel EMV upgrades, from a risk assessment point-of-view, it will be a best practice as of Fall 2016.
Any ATM owners choosing to exercise their right not to update will be playing in traffic hoping not to get hit by the cars. And they will always be looking over their shoulders for the proverbial bus bearing down on them.
Perhaps up to this point I haven’t been speaking to your situation. Some ATM owners have established an EMV implementation roadmap and are actively working to upgrade all of their ATMs to enable EMV acceptance in time for the first liability shift, i.e., the MasterCard deadline of Oct. 1, 2016.
For many ATM owners, there’s a reasonable chance their recent ATM deployments have involved terminals that are EMV-ready. Even better, some ATM owners have commenced efforts to upgrade hardware on their fleet for the EMV standard.
That truly is good news, though ATM owners must also stay focused on the fact that EMV-ready hardware isn’t necessarily ready to accept EMV transactions. Software upgrades — along with testing and certification are tasks that remain undone for many ATM owners, even those who are ready and willing to move to EMV.
The journey to EMV compliance won’t be without challenges, but time is still on the ATM owner’s side. For those who are already in the field, working toward EMV compliance, stay focused and keep asking yourself, “What percentage of my fleet is fully upgraded and ready to accept an EMV transaction?”
For all others, now is the time to talk to your vendors and ATM services providers and inquire about their EMV upgrade programs.
What was true in childhood remains so in adulthood in regard to the EMV liability shift for ATMs: Playing in traffic is a risky enterprise. Don’t get run over by the bus.