This October marks the official EMV liability shift for payment card issuers, merchants and acquirers. Rather than issuers bearing the responsibility for fraudulent payment card transactions, the liability will fall on whichever party has not implemented EMV functionality.
Many larger U.S. financial institutions are in the midst of initiatives to upgrade all customers to chip-enabled EMV cards by October. But for credit unions, many of which lack the resources, flexibility or budget to upgrade in such a tight timeframe, the decision to adopt EMV is more complex. These organizations have two critical choices to make: Whether or not to fully implement EMV by the liability deadline, and what level of implementation to strive for.
By evaluating the EMV upgrade and its opportunities from multiple perspectives, including cost-benefit, risk and member/customer impact, credit union leaders can develop sound strategies for the near and long-term.
Calculating the Cost-Benefit of EMV
Credit unions may be tempted to view the transition to EMV cards as one of many modern compliance hurdles, but the increased security will result in greater long-term member/customer satisfaction and card fraud reduction.
Industry analysts expect EMV authentication to significantly reduce payment card fraud and subsequent losses (which totaled $18 billion in the U.S. in 2013). Research published by the Federal Reserve Bank of Kansas City estimates that if EMV adoption leads to comparable fraud reduction, as it has in Europe (including in the United Kingdom, France and the Netherlands), losses could plummet by as much as 40%.
These recouped expenses aside, many credit unions might still contemplate a phased EMV implementation. Given that it can cost up to $4 to upgrade one card, a mass rollout may be cost-prohibitive for smaller institutions. Credit unions can minimize the financial shock by upgrading cards as they expire, or transitioning high-risk cardholders first.
Understanding Risks on All Sides
After October, fraud liability can shift, and issuing banks and credit unions will still shoulder the burden if the merchant has upgraded their terminal for EMV processing. However, the fraud liability shifts to merchants who have not upgraded once the issuer has replaced the magnetic stripe with an EMV card.
Conversely, banks and credit unions that decide to pursue the longer-term approach may increase these institutions' vulnerability to fraud, as other institutions are safeguarded. And even for institutions that roll out EMV cards, risk could shift to other areas of their operations.
For example, card-not-present transactions (which include the growing volume of e-commerce purchases) will continue to be a security struggle. And while online purchase data is often encrypted, many retailers problematically store member/customer payment information for easy reuse – which continues to pose a liability for banks and credit unions.
Due to the difficulty of extracting data from EMV chips, malicious actors may instead attempt to exploit banks and credit unions' internal vulnerabilities. Though this will pose fewer challenges for larger, cyber-vigilant organizations, smaller institutions should start investing in more sophisticated virtual defenses as soon as possible.
Keeping the Member in Mind
Perhaps the biggest EMV concern is member/customer impact. Whatever route a bank or credit union takes will result in a major change for cardholders, and successful organizations will strive for a painless transition and minimal service disruptions.
A phased rollout may make the most financial sense, but upgrading cards past October could trigger reputational repercussions. Institutions don't want to give members/customers the impression that they're technology laggards or unconcerned about protecting their data. On the other hand, upgrading all cards at once could overwhelm banks and credit unions' customer service channels (especially call centers and digital platforms), causing further frustration and even attrition.
To that end, member/customer education must be considered and planned. Institutions large and small generally don't invest sufficiently in communicating and explaining operational changes. The EMV transition provides an opportunity for banks and credit unions to exhibit proactive customer relations and inform their member/customer bases as to how the shift will benefit them.
There are a number of risks and opportunities inherent in the EMV migration process, leaving financial institutions with plenty to think about. By strategically assessing each aspect of the EMV adoption process – from cost savings and risk exposure to customer feedback – banks and credit unions can ensure they’re fully prepared for the upcoming deadline. No matter what, organizations that confront the shift now (and formulate the best plan for their needs) will fare better than those settling for a "let's wait and see" mentality.
To view this article as it originally appeared on CreditUnionTimes, please click here.