The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Despite this extension, it’s likely that many U.S. fuel stations will still not meet the new deadline, leaving themselves open to the fraud liability shift that will kick in after that date.
So, what can merchants do to protect themselves if they’re not ready in time?
The EMV state of play at U.S. fuel stations
As we explained in our recent blog post, card issuers can charge back fraudulent transactions if the merchant is unable to accept EMV cards at the pump after the implementation deadline.
According to Aite Group, as of August 2019, only 13 percent of fuel merchants had fully installed EMV card readers at the pump and only 42 percent were expecting to be fully installed by October 2020. Even with the additional six-month extension, it is clear that a large proportion of fuel merchants will not be compliant in time.
This is largely due to the expense, labor and physical infrastructure replacement that is needed. The cost alone is difficult to manage, with an estimated price tag of $6,000 per dispenser, or $55K per fuel station. With these costs, it’s easy to see why for many who own only a few stores, the effort to upgrade is probably not financially viable. For those who are implementing, there’s also a shortage of resources needed to change the equipment, impeding their ability to meet the deadline.
How much of a fraud problem is there?
There are millions of fake cards in circulation that fraudsters can use to steal products and services at merchant locations. Fraudsters seek the path of least resistance to poach and pilfer. Because most payment cards now have EMV chips and most merchant points of service around the world support EMV chip cards ─ fuel dispensers in the U.S. are the path of least resistance for fraudsters. When U.S. merchants (including in-store at convenience and grocery stores) implemented EMV, those that were last across the line became the targets of fraudsters and their fraud losses increased.
The same will be true at the automated fuel dispenser and, in fact, the problem will be greater because fraudsters do not have to go into the store and face a person who can challenge them or call the police – they can just drive off.
Adding to the problem is that fuel merchants have not had to face much in the way of chargebacks, since issuers have borne the vast majority of fraud costs. The liability shift will change this situation dramatically. Most fuel merchants are largely unaware of the volume of fraud going through their business and have poor visibility into the cost of fraud. It’s understandable that many are not prepared. Given the tight margins, justifying an expensive and resource-hungry change such as EMV implementation may not be possible. But there is also a rising cost to inaction.
What is likely to happen after the deadline… or, now what?
The deadline shift will help some merchants solidify their plans, but there will be laggards, and low-priority stores. If a fuel merchant hasn’t upgraded their pumps to enable EMV payments, they will be liable for any card fraud after the deadline. This cost is difficult to predict, but it could be significant.
EMV helps enormously with preventing fraud in card-present payments because it prevents stolen, fake or cloned cards from being used. Fuel merchants who haven’t upgraded won’t just be taking the cost hit on the fraud levels they already had, but they may also make themselves targets for fraudsters who know they can continue to successfully use cloned, stolen or fake cards there.
Developing a fraud prevention strategy
While it’s important to still work towards EMV implementation, fuel merchants also need to make sure they have a broader fraud and data theft prevention strategy in place; one that includes fraud detection, point-to-point encryption (P2PE) and tokenization.
Let’s start with recognizing and stopping fraud. We know there is going to be fraud, so fuel merchants should think like a card-not-present (CNP) or eCommerce merchant and put in place a proper fraud detection and prevention solution. This would check against known black-market databases and additional global consortium data, as well as positive profiling from other merchants and known good customer transactions. This can be done without annoying regular customers who might be frustrated by additional checks.
With alternative and mobile payments, new vulnerabilities will be exposed and it’s best to be prepared for them. The broader shift towards omni-channel payments has made an integrated approach to payments and fraud essential for many merchants.
A fraud prevention solution isn’t an interim measure though – it’s a necessary long-term one. It’s of great value to have a sophisticated fraud prevention solution as an integrated part of the payments acceptance platform. This way, fraud screening (and fraud data capture) can happen across any type of payment made at the pump, in the store, or across the various touchpoints and payment types the merchant chooses to enable. By having this solution in place, merchants can prevent the vast majority of fraud before it happens and avoid the liability altogether, whether they are EMV-enabled or not.
Guarding against data theft
The other side of the strategy is better data protection. While EMV keeps merchants from accepting a bad card, P2PE secures the captured information, protecting it from any data breach. P2PE helps with PCI compliance, guarding against fraud and data theft by preventing hackers or other third parties from reading and exploiting sensitive payments data.
We’ll be exploring the value of P2PE in an upcoming blog post. In the meantime, if you’re a fuel merchant looking to find out more about payments security and mitigating fraud at the pump, I will be leading an NPECA webinar on May 21.
Watch the on-demand webinar: Hi-Octane EMV+ with P2PE and Tokenization
In this on-demand webinar, Dan Coates discusses how adding point-to-point encryption (P2PE) and tokenization to your EMV initiative can help fully protect payments at the pump. With the October EMV deadline being pushed to next April, let’s consider these additional threat protections that will also significantly reduce your PCI compliance and add flexibility to your payment processes.
Related Blog Posts
Southeast Asia’s Domestic Payments Infrastructure Has Laid the Foundation for a Cross-Border Real-Time Network
Over the past decade, economies across Asia have been on the path to payments modernization, upgrading and replacing domestic payments infrastructure to make payments cheaper, faster and better. While the focus has been on domestic gains, this has set the foundation for a broader, cross-border real-time network – especially in Southeast Asia.
From ‘Access to Cash’ to ‘Access to Digital’ – How Innovative Thinking is Keeping SMEs Trading
With millions of people in London and the wider U.K. having endured lockdowns and restrictions, the COVID-19 pandemic has had a massive impact on our shopping habits. While some supermarkets have struggled to keep up with customer demand and social distancing rules, many small, local business have adapted to the crisis quickly, efficiently and in innovative ways. While supermarkets have run out of delivery slots, smaller businesses are now offering local deliveries whilst providing safe digital payments options. They are also selling goods that the big supermarkets have run out of because traditional supply chains have been interrupted.
Could the Right Use Case Push the U.S. Over the Edge of Real-Time Payments Adoption?
New York City, while a world leader in countless ways, has only just made it possible to access the subway with contactless technology. Something a commuter in London, for example, has taken for granted for many years. While America’s tech companies, manufacturers and retailers have been constantly modernizing, the country’s payment methods and habits lag behind much of the rest of the world.
Why the COVID-19 Pandemic Makes Immediate Payments Growth Mission Critical
COVID-19 continues to shake the world, and the payments industry is playing a critical role in the response to, and recovery from, this pandemic. There has been a shift in preferred payment methods as many consumers seek to avoid cash and embrace modern, digital payments.
Payments Modernization and Cross-Border Payment Corridors: How Nordics’ P27 Is Leading the Pack
The understandably large level of attention generated by the Nordic region’s P27 initiative is the antithesis of its relatively small place on the global map. Much of that is down to the impressive scope of its ambition: to build the world’s most cutting-edge, cross-border payments system, encompassing multiple currencies and payment types (including real-time), plus building out the services to sit on top of the rails, which will drive further value.
Taking the Pulse of Biometric Authentication in 2020
Growing demand for digital payment methods in recent years, including a plethora of mobile payments and person-to-person payment applications, has already put biometric authentication firmly at the forefront of payments and fintech. Moreover, the COVID-19 global health crisis has introduced new norms that have discouraged non-essential physical interaction, which has further boosted the popularity of digital payment alternatives. Already in March, CNBC noted that there had been a surge in the number of Americans preferring ‘”tap and go” transactions through digital wallets, like Apple Pay or Google Pay, overwhelmingly secured with biometric (mainly fingerprint) authentication.
How Does Brazil Measure Up Against the 5 Key Indicators of Real-time Payments Success?
Real-time payments, or immediate payments, have experienced explosive adoption in many markets around the world. While some have developed their own approach to deploying real-time payments, the COVID-19 pandemic has served as an accelerant in the implementation of real-time payments and digital modernization. With real-time payments volumes now increasing in some markets due to the pandemic, it’s important to look at how Brazil measures up against these 5 key indicators of successful implementations and to understand how the country can drive adoption of its new real-time system, PIX.
Why the Value of Real-Time Payments is Not in the Fees Charged
I recently hosted a webinar with payments experts to delve into ACI’s Prime Time for Real-Time research and uncover what the rise in global transactions means for the U.S. market. I was joined by Steve Ledford, product executive for the RTP Network of The Clearing House, Reed Luhtanen, executive director of the U.S. Faster Payments Council, and Peter Hazou, director of solutions for Financial Services at Microsoft. We investigated the unique factors that have so far hindered ubiquitous adoption of real-time payments in the U.S., as well as those that highlight the market’s position to capitalize on the global rise of real-time, and deliver value to financial institutions, merchants, corporates and consumers.
Envisioning a Cross-Border, Real-Time Payments Ecosystem in Southeast Asia
Southeast Asia is emerging as the center of real-time, cross-border payments growth, with ISO 20022 and QR codes as critical components, according to new research published by ACI and Kapronasia, a leading financial technology market research and consulting firm. Envisioning a pan-regional, real-time payments ecosystem in Southeast Asia sees real-time payments as a key enabler for the Southeast Asian economy, especially as the region pursues economic recovery and further digital transformation on the back of COVID-19.
Three Must-Haves for Immediate Payments Success in Brazil
Recently, the Central Bank of Brazil (BCB) announced its plan to launch the country’s first instant payments scheme, PIX, which is expected to be operational by November 2020. PIX will be mandatory for all larger banks in Brazil and will work as a central infrastructure with non-stop availability. The scheme will also be based on the ISO 20022 messaging standard, which features data-rich messaging and facilitates greater availability, speed, convenience and security. Ultimately, this open environment will be a major catalyst for innovation.