The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Despite this extension, it’s likely that many U.S. fuel stations will still not meet the new deadline, leaving themselves open to the fraud liability shift that will kick in after that date.
So, what can merchants do to protect themselves if they’re not ready in time?
The EMV state of play at U.S. fuel stations
As we explained in our recent blog post, card issuers can charge back fraudulent transactions if the merchant is unable to accept EMV cards at the pump after the implementation deadline.
According to Aite Group, as of August 2019, only 13 percent of fuel merchants had fully installed EMV card readers at the pump and only 42 percent were expecting to be fully installed by October 2020. Even with the additional six-month extension, it is clear that a large proportion of fuel merchants will not be compliant in time.
This is largely due to the expense, labor and physical infrastructure replacement that is needed. The cost alone is difficult to manage, with an estimated price tag of $6,000 per dispenser, or $55K per fuel station. With these costs, it’s easy to see why for many who own only a few stores, the effort to upgrade is probably not financially viable. For those who are implementing, there’s also a shortage of resources needed to change the equipment, impeding their ability to meet the deadline.
How much of a fraud problem is there?
There are millions of fake cards in circulation that fraudsters can use to steal products and services at merchant locations. Fraudsters seek the path of least resistance to poach and pilfer. Because most payment cards now have EMV chips and most merchant points of service around the world support EMV chip cards ─ fuel dispensers in the U.S. are the path of least resistance for fraudsters. When U.S. merchants (including in-store at convenience and grocery stores) implemented EMV, those that were last across the line became the targets of fraudsters and their fraud losses increased.
The same will be true at the automated fuel dispenser and, in fact, the problem will be greater because fraudsters do not have to go into the store and face a person who can challenge them or call the police – they can just drive off.
Adding to the problem is that fuel merchants have not had to face much in the way of chargebacks, since issuers have borne the vast majority of fraud costs. The liability shift will change this situation dramatically. Most fuel merchants are largely unaware of the volume of fraud going through their business and have poor visibility into the cost of fraud. It’s understandable that many are not prepared. Given the tight margins, justifying an expensive and resource-hungry change such as EMV implementation may not be possible. But there is also a rising cost to inaction.
What is likely to happen after the deadline… or, now what?
The deadline shift will help some merchants solidify their plans, but there will be laggards, and low-priority stores. If a fuel merchant hasn’t upgraded their pumps to enable EMV payments, they will be liable for any card fraud after the deadline. This cost is difficult to predict, but it could be significant.
EMV helps enormously with preventing fraud in card-present payments because it prevents stolen, fake or cloned cards from being used. Fuel merchants who haven’t upgraded won’t just be taking the cost hit on the fraud levels they already had, but they may also make themselves targets for fraudsters who know they can continue to successfully use cloned, stolen or fake cards there.
Developing a fraud prevention strategy
While it’s important to still work towards EMV implementation, fuel merchants also need to make sure they have a broader fraud and data theft prevention strategy in place; one that includes fraud detection, point-to-point encryption (P2PE) and tokenization.
Let’s start with recognizing and stopping fraud. We know there is going to be fraud, so fuel merchants should think like a card-not-present (CNP) or eCommerce merchant and put in place a proper fraud detection and prevention solution. This would check against known black-market databases and additional global consortium data, as well as positive profiling from other merchants and known good customer transactions. This can be done without annoying regular customers who might be frustrated by additional checks.
With alternative and mobile payments, new vulnerabilities will be exposed and it’s best to be prepared for them. The broader shift towards omni-channel payments has made an integrated approach to payments and fraud essential for many merchants.
A fraud prevention solution isn’t an interim measure though – it’s a necessary long-term one. It’s of great value to have a sophisticated fraud prevention solution as an integrated part of the payments acceptance platform. This way, fraud screening (and fraud data capture) can happen across any type of payment made at the pump, in the store, or across the various touchpoints and payment types the merchant chooses to enable. By having this solution in place, merchants can prevent the vast majority of fraud before it happens and avoid the liability altogether, whether they are EMV-enabled or not.
Guarding against data theft
The other side of the strategy is better data protection. While EMV keeps merchants from accepting a bad card, P2PE secures the captured information, protecting it from any data breach. P2PE helps with PCI compliance, guarding against fraud and data theft by preventing hackers or other third parties from reading and exploiting sensitive payments data.
We’ll be exploring the value of P2PE in an upcoming blog post. In the meantime, if you’re a fuel merchant looking to find out more about payments security and mitigating fraud at the pump, I will be leading an NPECA webinar on May 21.
Register for the webinar: Hi-Octane EMV+ with P2PE and Tokenization
Join Dan Coates, senior solutions consultant, ACI Worldwide as he discusses how adding point-to-point encryption (P2PE) and tokenization to your EMV initiative can help fully protect payments at the pump. With the October EMV deadline being pushed to next April, let’s consider these additional threat protections that will also significantly reduce your PCI compliance and add flexibility to your payment processes.
Related Blog Posts
No Margin for Error: Acquirers Must Now Master the Art of Reinvention [Q&A]
The digital transformation of banking and growing competition within the industry is rapidly changing the world of global acquirers. Long gone are the days when an acquirer’s primary role was simply to facilitate an acceptance ecosystem for credit card payments. As part of its new “Prime Time for Real-Time” report, ACI recently published No Margin for Error, an eBook looking at the changes — and challenges — facing acquirers. I spoke to Ruth Fornell, our executive vice president – consumer payments, about the key insights, why acquirers are being forced to rethink their business models and what the future may hold.
Digital Payments: A Creature Comfort in the Era of COVID-19
Humans have an impressive ability to adapt – and have quickly done so in terms of their spending behaviors and choice of payment methods in response to the COVID-19 pandemic. Lockdowns forced many to consider cash alternatives to make payments, driving a huge surge in demand for digital payment services. And in some European countries, demand has risen as much as 81 percent.
Why Human Nature Presents a Challenge for Acquirers
It’s one of the great paradoxes of human behavior: people are predictably unpredictable. We work in irrational ways, hearts win out over heads and the unexpected can rapidly become the norm. Try as we might, predicting the emergence of any new trend is difficult – particularly in unpredictable times – and this is just as true in the world of payments as it is elsewhere.
How ISO 20022 Represents Both a Challenge and an Opportunity for Southeast Asia’s Payments Landscape
Governments across Southeast Asia (SEA) are increasingly recognizing the vital role that payments play in the engines of their economies, which has resulted in a number of payments modernization initiatives such as those in Vietnam and Malaysia (PayNet). Yet there is one particular area in which SEA’s financial institutions might still be lagging behind their global counterparts: the adoption of ISO 20022, which has become the global standard for high-value payments and immediate payments (IP) when it comes to cross-border payments.
Ready or Not, The Time Is Now for Real-Time Payments
Research from ACI and GlobalData confirms that demand for real-time payments is only going in one direction: up. The root cause of this increasing demand is rising customer expectations and behaviors; clunky and opaque payment experiences are becoming less tolerable in a world where customers can buy, watch and listen to almost anything with a swipe, tap or click.
When It Comes to Payments, COVID-19 Crisis Could Lead to Long-Term Shifts in Consumer Behavior [Q&A]
ACI Worldwide and GlobalData recently launched Prime Time for Real-Time, a new global report tracking and analyzing real-time payments volumes, growth and dynamics across 30 global markets. According to the global research, an industry first, more than half a trillion real-time payments transactions will be processed over the next five years. I discussed what the findings mean, and how the COVID-19 pandemic might be a further catalyst for behavioral change, with ACI’s global head of real-time payments, Craig Ramsey.
TCH RTP and FedNow: What’s Next for U.S. Immediate Payments?
It has taken some time, but immediate payments (IP) are on the move in the United States. Although the speed of adoption has been slightly behind the curve of regions like India, the Nordics and the U.K., the U.S. has seen significant year-on-year IP growth of 69 percent.
Social, Mobile and Instant Payments: How Digital Payment Overlay Services Will Power Up P27
For some years now, the Nordics region has been a global-standard bearer for payments and financial services innovation. Sweden has for many years been a leader in the progressive move towards cashlessness, championing the range of efficiencies that it brings. Major payments innovators like Klarna, FundedByMe and iZettle are based in the region, rubber-stamping Stockholm as a genuine fintech hub. Analysts and insight leaders also regularly single the Nordics out as a genuine leader, in particular praising the collaboration between governments, regulators, financial institutions and businesses that has led to such fertile ground for financial modernization initiatives.
How to Meet ISO 20022 Migration Deadlines for Fedwire and SWIFT
Over the next decade, we will undoubtedly see huge shifts in how financial institutions throughout North America transact, whether domestically or across international borders. This will be driven not just by changing technologies, but also by regulatory events – such as the widespread adoption of financial messaging standards like ISO 20022.
How Can European Banks Meet the ISO 20022 Migration Deadlines for TARGET2 and SWIFT?
First published in 2004 – and already broadly used in some quarters – ISO 20022 is rapidly set to become the de facto standard for financial messaging around the world, replacing MT messages.