EMV Migration – Driven by Payment Brand Milestones
The United States has moved to EMV chip payments, with consumers now using chip cards to pay at chip-enabled merchant locations nationwide.
EMV migration has been proceeding along the milestones set by the payment networks. Visa took the lead in establishing their EMV roadmap with their announcement on August 9, 2011. MasterCard, Discover and American Express followed suit with announcements on January 30, 2012, March 15, 2012, and June 29, 2012, respectively. The payment network milestones include retailer incentives, processing infrastructure acceptance requirements and fraud liability shifts. Payment networks have aligned their milestones to streamline payments industry migration to EMV.
Visa Milestones
- August 9, 2011. Visa announced plans to accelerate chip migration and adoption of mobile payments in the United States, through retailer incentives, processing infrastructure acceptance requirements and counterfeit card liability shift.
- October 1, 2012 – PCI Audit Relief: If more than 75% of merchant Visa transactions originate from EMV-compliant POS terminals that support both contact and contactless transactions, the merchant may apply for relief from the audit requirement for PCI compliance (but is still mandated to be PCI compliant).
- April 1, 2013 – Acquirer Compliance. Acquirers and sub-processors must be enabled to handle full EMV chip data in transactions.
- October 1, 2015 – Counterfeit Card Liability Shift. The party that has made investment in EMV deployment is protected from financial liability for card-present counterfeit fraud losses on this date. If neither or both parties are EMV compliant, the fraud liability remains the same as it is today. This date excludes automated fuel dispensers.
- October 1, 2017 – Counterfeit Card Liability Shift, Automated Fuel Dispensers. This extends the card-present counterfeit card liability shift to transactions from automated fuel dispensers.
- January 30, 2012. MasterCard announced their U.S. roadmap to enable the next generation of electronic payments, with EMV the foundational technology.
- October, 2012 – PCI Audit Relief: If more than 75% of merchant MasterCard transactions originate from EMV-compliant POS terminals that support both contact and contactless transactions, the merchant is relieved of audit requirement for PCI compliance (but is still mandated to be PCI compliant).
- April, 2013 – Acquirer Compliance. Acquirers and sub-processors must be enabled to handle full EMV chip data in transactions.
- April, 2013 – Cross-Border ATM Liability Shift. At this milestone, MasterCard will extend its existing EMV liability shift program for inter-regional/cross-border Maestro ATM transactions taking place in the United States.
- October, 2013 – Account Data Compromise (ADC) Relief: MasterCard has announced ADC relief for merchants. On this date, if at least 75% of MasterCard transactions originate from EMV-compliant contact and contactless POS terminals, the merchant is relieved of 50% of account data compromise penalties.
- October, 2015 – Fraud Liability Shift. MasterCard liability hierarchy takes effect. The party that has made investment in the most secure EMV options is protected from financial liability for card-present fraud losses for both counterfeit and lost, stolen and non-receipt fraud on this date.
- October, 2015 – Account Data Compromise Relief: On this date, if at least 95% of MasterCard transactions originate from EMV-compliant POS terminals, the merchant is relieved of 100% of account data compromise penalties.
- October, 2017 – Fraud Liability Shift, Automated Fuel Dispensers. MasterCard liability hierarchy takes effect for automated fuel dispensers.
Discover Milestones
- March 15, 2012. Discover announced implementation of a 2013 mandate for acquirers and direct-connect merchants in the U.S., Canada and Mexico, to support EMV. Discover’s approach will support all card authentication channels (online and offline), all cardholder verification methods (including both chip and PIN or chip and signature transactions), and all commerce channels (contact and contactless, including mobile).
- June 29, 2012. American Express announced its U.S. EMV roadmap to advance contact, contactless and mobile payments and its plans to begin issuing EMV-compliant cards in the U.S. in the latter half of 2012.
- April, 2013 – Acquirer/Processor Compliance. Processors must be able to support American Express EMV chip-based contact, contactless and mobile transactions.
- October, 2013 – PCI DSS Reporting Relief. Merchants will be eligible to receive relief from PCI Data Security Standard (DSS) reporting requirements if the merchants’ POS acceptance locations, where 75% of their transactions occur, are enabled to process American Express EMV chip-based contact and contactless transactions.
- October, 2015 – Fraud Liability Shift. American Express will institute a fraud liability shift policy that will transfer liability for certain types of fraudulent transactions away from the party that has the most secure form of EMV technology.
- October, 2017 – Fraud Liability Shift, Automated Fuel Dispensers. American Express fraud liability shift takes effect for transactions generated from automated fuel dispensers.
Additional information on what the payment network fraud liability shifts mean to issuers, merchants and acquirers can be found in the EMV Migration Forum white paper, Understanding the 2015 U.S. Fraud Liability Shifts.
The EMV Migration Forum and the Smart Card Alliance Payments Council are active in providing resources to help the industry with EMV migration. Resources are published on the EMV Connection web site, with focused areas for issuers, merchants, and acquirers.