The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Despite this extension, it’s likely that many U.S. fuel stations will still not meet the new deadline, leaving themselves open to the fraud liability shift that will kick in after that date.
So, what can merchants do to protect themselves if they’re not ready in time?
The EMV state of play at U.S. fuel stations
As we explained in our recent blog post, card issuers can charge back fraudulent transactions if the merchant is unable to accept EMV cards at the pump after the implementation deadline.
According to Aite Group, as of August 2019, only 13 percent of fuel merchants had fully installed EMV card readers at the pump and only 42 percent were expecting to be fully installed by October 2020. Even with the additional six-month extension, it is clear that a large proportion of fuel merchants will not be compliant in time.
This is largely due to the expense, labor and physical infrastructure replacement that is needed. The cost alone is difficult to manage, with an estimated price tag of $6,000 per dispenser, or $55K per fuel station. With these costs, it’s easy to see why for many who own only a few stores, the effort to upgrade is probably not financially viable. For those who are implementing, there’s also a shortage of resources needed to change the equipment, impeding their ability to meet the deadline.
How much of a fraud problem is there?
There are millions of fake cards in circulation that fraudsters can use to steal products and services at merchant locations. Fraudsters seek the path of least resistance to poach and pilfer. Because most payment cards now have EMV chips and most merchant points of service around the world support EMV chip cards ─ fuel dispensers in the U.S. are the path of least resistance for fraudsters. When U.S. merchants (including in-store at convenience and grocery stores) implemented EMV, those that were last across the line became the targets of fraudsters and their fraud losses increased.
The same will be true at the automated fuel dispenser and, in fact, the problem will be greater because fraudsters do not have to go into the store and face a person who can challenge them or call the police – they can just drive off.
Adding to the problem is that fuel merchants have not had to face much in the way of chargebacks, since issuers have borne the vast majority of fraud costs. The liability shift will change this situation dramatically. Most fuel merchants are largely unaware of the volume of fraud going through their business and have poor visibility into the cost of fraud. It’s understandable that many are not prepared. Given the tight margins, justifying an expensive and resource-hungry change such as EMV implementation may not be possible. But there is also a rising cost to inaction.
What is likely to happen after the deadline… or, now what?
The deadline shift will help some merchants solidify their plans, but there will be laggards, and low-priority stores. If a fuel merchant hasn’t upgraded their pumps to enable EMV payments, they will be liable for any card fraud after the deadline. This cost is difficult to predict, but it could be significant.
EMV helps enormously with preventing fraud in card-present payments because it prevents stolen, fake or cloned cards from being used. Fuel merchants who haven’t upgraded won’t just be taking the cost hit on the fraud levels they already had, but they may also make themselves targets for fraudsters who know they can continue to successfully use cloned, stolen or fake cards there.
Developing a fraud prevention strategy
While it’s important to still work towards EMV implementation, fuel merchants also need to make sure they have a broader fraud and data theft prevention strategy in place; one that includes fraud detection, point-to-point encryption (P2PE) and tokenization.
Let’s start with recognizing and stopping fraud. We know there is going to be fraud, so fuel merchants should think like a card-not-present (CNP) or eCommerce merchant and put in place a proper fraud detection and prevention solution. This would check against known black-market databases and additional global consortium data, as well as positive profiling from other merchants and known good customer transactions. This can be done without annoying regular customers who might be frustrated by additional checks.
With alternative and mobile payments, new vulnerabilities will be exposed and it’s best to be prepared for them. The broader shift towards omni-channel payments has made an integrated approach to payments and fraud essential for many merchants.
A fraud prevention solution isn’t an interim measure though – it’s a necessary long-term one. It’s of great value to have a sophisticated fraud prevention solution as an integrated part of the payments acceptance platform. This way, fraud screening (and fraud data capture) can happen across any type of payment made at the pump, in the store, or across the various touchpoints and payment types the merchant chooses to enable. By having this solution in place, merchants can prevent the vast majority of fraud before it happens and avoid the liability altogether, whether they are EMV-enabled or not.
Guarding against data theft
The other side of the strategy is better data protection. While EMV keeps merchants from accepting a bad card, P2PE secures the captured information, protecting it from any data breach. P2PE helps with PCI compliance, guarding against fraud and data theft by preventing hackers or other third parties from reading and exploiting sensitive payments data.
We’ll be exploring the value of P2PE in an upcoming blog post. In the meantime, if you’re a fuel merchant looking to find out more about payments security and mitigating fraud at the pump, I will be leading an NPECA webinar on May 21.
Watch the on-demand webinar: Hi-Octane EMV+ with P2PE and Tokenization
In this on-demand webinar, Dan Coates discusses how adding point-to-point encryption (P2PE) and tokenization to your EMV initiative can help fully protect payments at the pump. With the October EMV deadline being pushed to next April, let’s consider these additional threat protections that will also significantly reduce your PCI compliance and add flexibility to your payment processes.
Related Blog Posts
What Will the World of Post-Pandemic Payments Look Like? [Dave Birch Q&A]
Dave Birch is a leading global authority on payments and digital identity, who is no stranger to predicting what the future of financial services has in store. After delivering the keynote presentation at our recent ACI Edge Virtual: Banks & Intermediaries, we gathered some insights from Dave on what the world of payments could look like, post pandemic.
The Rise of “Invisible Payments” in Latin America
For retailers throughout LATAM (and the world), driving sales and loyalty depends on keeping up with top payment trends, which are invariably driven by consumer demands. “Invisible payments” is an emerging trend that is already paying benefits for a host of retailers — and it could be a game-changer for Latin America.
Digital Payments in India: Delving into Diwali Festive Season Spending [Q&A]
While many retailers around the world have just entered their busiest period of the year – kicking off in earnest with U.S. Thanksgiving and the increasingly global phenomena of Black Friday and Cyber Monday – there are some markets where these busiest of periods have already occurred. An extended China Singles Day raked in roughly $100 billion at the start of November, while India’s festive season, culminating with Diwali in mid-November, was widely expected to witness strong growth of online sales in particular.
Do Merchants Have the Right Tools to Tune Their Engines for the Innovation Race?
2020 has been a year of many, many changes, across nearly all walks of life and business. One beacon of light is that these circumstances have pressed the digital acceleration button, in some cases advancing digital uptake and innovation by years, within a matter of a few months.
Confronting Disruptive Pressures in Issuing [Customer Q&A]
We are at the dawn of an industry overhaul. The banking industry is facing disruptive pressures on multiple fronts, but particularly in payments. More competition, increasing regulation, and growing consumer expectations, payment types and channels. Plus, for issuers, there is the additional challenge of remaining relevant and at the center of the customer relationship, which has never been more complex.
Strong Customer Authentication: New Rules Will Trigger Profound Changes in Many Organizations [Q&A]
One of the biggest industry issues for the payments community right now is strong customer authentication (SCA) – the new regulation for card payments, including card-not-present or eCommerce payments. This is due to come into force on December 31, 2020 in the EU, and on September 14, 2021 in the U.K. ACI recently brought together industry stakeholders for a webinar entitled Competition Versus Compliance: How an SCA Exemptions Strategy Can Grow Your Business. I spoke with these stakeholders about the challenges, but also opportunities, that SCA will bring to the payments industry.
The Two Sides of Payments Modernization in Asia: Real-Time and Financial Inclusion
Home to nearly 60 percent of the world’s population, as well as some of the most dynamic and diverse markets, the Asia-Pacific (APAC) region plays a critical role in shaping the world economy. The diversity of the region is also evident in its payments landscape, with almost every country forging its own path towards payments modernization.
The Fight for Fuel Customer Loyalty Is On
In 2019, price determined where 59 percent of consumers chose to purchase their fuel, and more than half opted to pay at the pump, preferring to simply pay for gas and go.
Payments Modernization in the Cloud: An Inflection Point in the History of Payments
Public cloud is one of the big buzzwords in payments right now. While a few years ago financial institutions were reluctant to embrace the technology, they are now among the most likely to do so. ACI discussed the topic of Payments Modernization in the Cloud during a recent webinar, moderated by Finextra’s Head of Research Gary Wright. Katrin Boettger caught up with the panellists — Ciaran Chu, head of cloud at ACI; Peter Hazou, business strategy leader at Microsoft and Lu Zurawski, practice lead, retail banking at ACI — about why the COVID-19 pandemic might be a further catalyst for the worldwide adoption of cloud technology.
From "Access to Cash" to "Access to Digital" – How Innovative Thinking Is Keeping SMEs Trading
With millions of people in London and the wider U.K. having endured lockdowns and restrictions, the COVID-19 pandemic has had a massive impact on our shopping habits. While some supermarkets have struggled to keep up with customer demand and social distancing rules, many small, local business have adapted to the crisis quickly, efficiently and in innovative ways. While supermarkets have run out of delivery slots, smaller businesses are now offering local deliveries whilst providing safe digital payments options. They are also selling goods that the big supermarkets have run out of because traditional supply chains have been interrupted.