On October 1, 2015, the U.S. payment processing industry will be undergoing a sea change. Called EMV (for Europay, Mastercard, and Visa), this will forever change how credit cards are processed in this country.
Visa has an interesting synopsis that boils this down pretty succintly:
Basically, the new rules state that the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction.
Let's take a look at what this means for a merchant:
If a merchant accepts a traditional mag stripe credit card in a fraudulent transaction, the merchant is generally not liable, same as today.
If a merchant accepts a chip card (EMV) in a fraudulent transaction as a swiped transaction, the liability shifts to the merchant, as the least compliant party to the transaction.
If a merchant accepts a chip card in a fruadulent transaction, using a chip enabled device, the merchant is not liable, and the burden of the fraudulent transaction falls to the issuer.
To be clear, having an EMV terminal in and of itself does NOT make you compliant. You need compliant hardware, and a compliant software application. A PDF of the data standard security from the PCI Security Council can be found here: