The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?

U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Despite this extension, it’s likely that many U.S. fuel stations will still not meet the new deadline, leaving themselves open to the fraud liability shift that will kick in after that date.
So, what can merchants do to protect themselves if they’re not ready in time?
The EMV state of play at U.S. fuel stations
As we explained in our recent blog post, card issuers can charge back fraudulent transactions if the merchant is unable to accept EMV cards at the pump after the implementation deadline.
According to Aite Group, as of August 2019, only 13 percent of fuel merchants had fully installed EMV card readers at the pump and only 42 percent were expecting to be fully installed by October 2020. Even with the additional six-month extension, it is clear that a large proportion of fuel merchants will not be compliant in time.
This is largely due to the expense, labor and physical infrastructure replacement that is needed. The cost alone is difficult to manage, with an estimated price tag of $6,000 per dispenser, or $55K per fuel station. With these costs, it’s easy to see why for many who own only a few stores, the effort to upgrade is probably not financially viable. For those who are implementing, there’s also a shortage of resources needed to change the equipment, impeding their ability to meet the deadline.
How much of a fraud problem is there?
There are millions of fake cards in circulation that fraudsters can use to steal products and services at merchant locations. Fraudsters seek the path of least resistance to poach and pilfer. Because most payment cards now have EMV chips and most merchant points of service around the world support EMV chip cards ─ fuel dispensers in the U.S. are the path of least resistance for fraudsters. When U.S. merchants (including in-store at convenience and grocery stores) implemented EMV, those that were last across the line became the targets of fraudsters and their fraud losses increased.
The same will be true at the automated fuel dispenser and, in fact, the problem will be greater because fraudsters do not have to go into the store and face a person who can challenge them or call the police – they can just drive off.
Adding to the problem is that fuel merchants have not had to face much in the way of chargebacks, since issuers have borne the vast majority of fraud costs. The liability shift will change this situation dramatically. Most fuel merchants are largely unaware of the volume of fraud going through their business and have poor visibility into the cost of fraud. It’s understandable that many are not prepared. Given the tight margins, justifying an expensive and resource-hungry change such as EMV implementation may not be possible. But there is also a rising cost to inaction.
What is likely to happen after the deadline… or, now what?
The deadline shift will help some merchants solidify their plans, but there will be laggards, and low-priority stores. If a fuel merchant hasn’t upgraded their pumps to enable EMV payments, they will be liable for any card fraud after the deadline. This cost is difficult to predict, but it could be significant.
EMV helps enormously with preventing fraud in card-present payments because it prevents stolen, fake or cloned cards from being used. Fuel merchants who haven’t upgraded won’t just be taking the cost hit on the fraud levels they already had, but they may also make themselves targets for fraudsters who know they can continue to successfully use cloned, stolen or fake cards there.
Developing a fraud prevention strategy
While it’s important to still work towards EMV implementation, fuel merchants also need to make sure they have a broader fraud and data theft prevention strategy in place; one that includes fraud detection, point-to-point encryption (P2PE) and tokenization.
Let’s start with recognizing and stopping fraud. We know there is going to be fraud, so fuel merchants should think like a card-not-present (CNP) or eCommerce merchant and put in place a proper fraud detection and prevention solution. This would check against known black-market databases and additional global consortium data, as well as positive profiling from other merchants and known good customer transactions. This can be done without annoying regular customers who might be frustrated by additional checks.
With alternative and mobile payments, new vulnerabilities will be exposed and it’s best to be prepared for them. The broader shift towards omni-channel payments has made an integrated approach to payments and fraud essential for many merchants.
A fraud prevention solution isn’t an interim measure though – it’s a necessary long-term one. It’s of great value to have a sophisticated fraud prevention solution as an integrated part of the payments acceptance platform. This way, fraud screening (and fraud data capture) can happen across any type of payment made at the pump, in the store, or across the various touchpoints and payment types the merchant chooses to enable. By having this solution in place, merchants can prevent the vast majority of fraud before it happens and avoid the liability altogether, whether they are EMV-enabled or not.
Guarding against data theft
The other side of the strategy is better data protection. While EMV keeps merchants from accepting a bad card, P2PE secures the captured information, protecting it from any data breach. P2PE helps with PCI compliance, guarding against fraud and data theft by preventing hackers or other third parties from reading and exploiting sensitive payments data.
We’ll be exploring the value of P2PE in an upcoming blog post. In the meantime, if you’re a fuel merchant looking to find out more about payments security and mitigating fraud at the pump, I will be leading an NPECA webinar on May 21.
Watch the on-demand webinar: Hi-Octane EMV+ with P2PE and Tokenization
In this on-demand webinar, Dan Coates discusses how adding point-to-point encryption (P2PE) and tokenization to your EMV initiative can help fully protect payments at the pump. With the October EMV deadline being pushed to next April, let’s consider these additional threat protections that will also significantly reduce your PCI compliance and add flexibility to your payment processes.
Related Blog Posts
EMV at the Pump: Is it Really That Secure?
Last weekend I went spring skiing, well spring snowboarding — but you know what I mean. It was sunny, with temperatures in the 50s — an epic day of carving mashed potatoes to close my snowboarding season.
Could Increased Fraud Make the Mobile Payments Boom a Revenue Bust for Merchants?
Mobile payments are fast becoming mainstream, with ACI merchant customers seeing 30 percent of all eCommerce transactions in 2020 being made on mobile devices. In the United States, adoption is higher, with 42 percent of eCommerce transactions in 2020 on mobile – that’s a year-on-year growth rate of 55 percent.
PCI DSS 4.0 Compliance – A Catalyst for Progressive Consumer Payments Modernization
2021 marks the beginning of the implementation of the new PCI DSS standards, with the final version of PCI DSS v4.0 currently planned for completion in Q4 2021. The planning phase, which has been run collaboratively by the Security Standards Council with the global industry since 2019, has now come to an end and the time window for global financial institutions to begin implementing their solutions has begun. In short, if you haven’t started yet, you’re already behind the curve.
Building Resilience and Flexibility Through Multi-Acquiring
At one time, merchants saw payments simply as the cost of doing business. Today, however, payments are seen as a strategic battleground—one that can drive revenue and loyalty when done right. Against this backdrop, and coupled with the rise in digital payments, acquirers and banks must work harder than ever to provide the payment types, speed to market, cost point and reliability merchants are demanding.
Touchless Payments: A Major Opportunity for Grocers
The grocery shopping experience has changed significantly in recent years. What was once a simple, traditional trip to the store has now evolved into a variety of consumer journeys spanning multiple delivery channels. Online shopping for home delivery or in-store pickup has gained significant consumer adoption, along with in-store innovations such as self-checkouts and ‘scan and pay’.
Fintech’s March Madness: The Top Seeds “Jonesing” for Glory in Indiana
Ahh March Madness… my favorite time of year for sports (and gambling) and also the one tournament where I’m typically out of the running in my myriad betting pools after day one. While I’ve paid only marginal attention to actual college basketball this year, I’ve been keeping much closer tabs on the madness that has enveloped fintech. And while 68 teams comprise the real March Madness tournament, I’m really only focused on the top four fintech seeds… and that’s primarily due to length of this post (as well as my waning attention span).
Grocery Shoppers Show Omnivorous Appetite for Omni-Channel
Digital acceleration and the massive growth in eCommerce sales in 2020 have not gone unnoticed by those in the connected world. Largely driven by the COVID-19 pandemic, ACI Worldwide data analysis showed that global online sales in the general retail sector were up 209 percent in April and 81 percent in May (compared to the previous year), and overall eCommerce sales continued to show an uplift of more than 20 percent compared to a year earlier in November.
Cloud Trends That Will Shape India’s Banking Sector in 2021
India’s banks and financial institutions (FIs) continue to adapt and innovate as the pandemic drives mass adoption of digital payments. Long term success will depend on successfully ramping up services and ensuring profitability while reshaping customer experiences. This is where the power of the cloud will come into play: In 2021, cloud will increasingly power vital infrastructure for India’s banking and payments sector, improving remote collaboration as well as enabling faster and more agile application development and deployment.
Merchants Don’t Need a Payments Gateway, They Need a Payments Hub
The term “payments gateway” over-simplifies what it takes to process a payment. The terminology comes from the early days of online payment processing, but has now entered the vernacular for all aspects of merchant payments, including online, mobile and in-store.
How to Recession-Proof Your Retail Business in 2021
2020 has been a challenging year for retailers; many were — understandably — unprepared to deal with the pandemic. With millions of people in the U.K. in lockdown, consumers and businesses have had to change the way they work and live, and the way they shop and pay.