The EMV Deadline Has Been Extended for U.S. Fuel Merchants – Now What?
U.S. fuel stations were originally supposed to be EMV-compliant by October 2017, but due to complications and costs at the time, the deadline for EMV at the pump was extended for three years – and it has now been pushed out further to April 2021 due to the COVID-19 pandemic.
Despite this extension, it’s likely that many U.S. fuel stations will still not meet the new deadline, leaving themselves open to the fraud liability shift that will kick in after that date.
So, what can merchants do to protect themselves if they’re not ready in time?
The EMV state of play at U.S. fuel stations
As we explained in our recent blog post, card issuers can charge back fraudulent transactions if the merchant is unable to accept EMV cards at the pump after the implementation deadline.
According to Aite Group, as of August 2019, only 13 percent of fuel merchants had fully installed EMV card readers at the pump and only 42 percent were expecting to be fully installed by October 2020. Even with the additional six-month extension, it is clear that a large proportion of fuel merchants will not be compliant in time.
This is largely due to the expense, labor and physical infrastructure replacement that is needed. The cost alone is difficult to manage, with an estimated price tag of $6,000 per dispenser, or $55K per fuel station. With these costs, it’s easy to see why for many who own only a few stores, the effort to upgrade is probably not financially viable. For those who are implementing, there’s also a shortage of resources needed to change the equipment, impeding their ability to meet the deadline.
How much of a fraud problem is there?
There are millions of fake cards in circulation that fraudsters can use to steal products and services at merchant locations. Fraudsters seek the path of least resistance to poach and pilfer. Because most payment cards now have EMV chips and most merchant points of service around the world support EMV chip cards ─ fuel dispensers in the U.S. are the path of least resistance for fraudsters. When U.S. merchants (including in-store at convenience and grocery stores) implemented EMV, those that were last across the line became the targets of fraudsters and their fraud losses increased.
The same will be true at the automated fuel dispenser and, in fact, the problem will be greater because fraudsters do not have to go into the store and face a person who can challenge them or call the police – they can just drive off.
Adding to the problem is that fuel merchants have not had to face much in the way of chargebacks, since issuers have borne the vast majority of fraud costs. The liability shift will change this situation dramatically. Most fuel merchants are largely unaware of the volume of fraud going through their business and have poor visibility into the cost of fraud. It’s understandable that many are not prepared. Given the tight margins, justifying an expensive and resource-hungry change such as EMV implementation may not be possible. But there is also a rising cost to inaction.
What is likely to happen after the deadline… or, now what?
The deadline shift will help some merchants solidify their plans, but there will be laggards, and low-priority stores. If a fuel merchant hasn’t upgraded their pumps to enable EMV payments, they will be liable for any card fraud after the deadline. This cost is difficult to predict, but it could be significant.
EMV helps enormously with preventing fraud in card-present payments because it prevents stolen, fake or cloned cards from being used. Fuel merchants who haven’t upgraded won’t just be taking the cost hit on the fraud levels they already had, but they may also make themselves targets for fraudsters who know they can continue to successfully use cloned, stolen or fake cards there.
Developing a fraud prevention strategy
While it’s important to still work towards EMV implementation, fuel merchants also need to make sure they have a broader fraud and data theft prevention strategy in place; one that includes fraud detection, point-to-point encryption (P2PE) and tokenization.
Let’s start with recognizing and stopping fraud. We know there is going to be fraud, so fuel merchants should think like a card-not-present (CNP) or eCommerce merchant and put in place a proper fraud detection and prevention solution. This would check against known black-market databases and additional global consortium data, as well as positive profiling from other merchants and known good customer transactions. This can be done without annoying regular customers who might be frustrated by additional checks.
With alternative and mobile payments, new vulnerabilities will be exposed and it’s best to be prepared for them. The broader shift towards omni-channel payments has made an integrated approach to payments and fraud essential for many merchants.
A fraud prevention solution isn’t an interim measure though – it’s a necessary long-term one. It’s of great value to have a sophisticated fraud prevention solution as an integrated part of the payments acceptance platform. This way, fraud screening (and fraud data capture) can happen across any type of payment made at the pump, in the store, or across the various touchpoints and payment types the merchant chooses to enable. By having this solution in place, merchants can prevent the vast majority of fraud before it happens and avoid the liability altogether, whether they are EMV-enabled or not.
Guarding against data theft
The other side of the strategy is better data protection. While EMV keeps merchants from accepting a bad card, P2PE secures the captured information, protecting it from any data breach. P2PE helps with PCI compliance, guarding against fraud and data theft by preventing hackers or other third parties from reading and exploiting sensitive payments data.
We’ll be exploring the value of P2PE in an upcoming blog post. In the meantime, if you’re a fuel merchant looking to find out more about payments security and mitigating fraud at the pump, I will be leading an NPECA webinar on May 21.
Watch the on-demand webinar: Hi-Octane EMV+ with P2PE and Tokenization
In this on-demand webinar, Dan Coates discusses how adding point-to-point encryption (P2PE) and tokenization to your EMV initiative can help fully protect payments at the pump. With the October EMV deadline being pushed to next April, let’s consider these additional threat protections that will also significantly reduce your PCI compliance and add flexibility to your payment processes.
Related Blog Posts
Payments in a Post-Coronavirus World: How the Pandemic Is Influencing Tomorrow’s Industry in Latin America
While the novel coronavirus has (understandably) dominated the day-to-day focus of today’s payment players, the fact is, at some point we will either fully adapt or be living in a post-coronavirus world. How can our industry prepare? In a recent webinar hosted by Fintech Americas, we brought together experts from Redeban Multicolor, Red Link and PROSA to explore where they see the industry going – with a specific emphasis on Latin American markets – and what they’re doing to ensure future success.
The Pandemic Has Accelerated the New Era of Acquiring
The COVID-19 pandemic has accelerated many trends already taking shape in consumer purchasing behavior. Almost overnight, routine activities ranging from picking up groceries to buying gas unexpectedly became something that they had never been before – risky.
How National Central Infrastructure Initiatives for Real-time Payments Create Immediate Business Opportunities for Merchants
More and more countries and regional alliances are investing in the creation of new financial market infrastructures. Governments and leaders of central banks have decided that the finance industry needs investment to be fit for the demands of digital economies, suitable for the trailblazing businesses of the fourth industrial revolution.
Payments Modernization in the Cloud: An Inflection Point in the History of Payments
Public cloud is one of the big buzzwords in payments right now. While a few years ago financial institutions were reluctant to embrace the technology, they are now among the most likely to do so. ACI discussed the topic of Payments Modernization in the Cloud during a recent webinar, moderated by Finextra’s Head of Research Gary Wright. Katrin Boettger caught up with the panellists — Ciaran Chu, head of cloud at ACI; Peter Hazou, business strategy leader at Microsoft and Lu Zurawski, practice lead, retail banking at ACI — about why the COVID-19 pandemic might be a further catalyst for the worldwide adoption of cloud technology.
Brazil’s Digital Payments Transformation: Five Key Takeaways
Brazil has abundant growth opportunity when it comes to digital payments, with PIX – the Central Bank of Brazil’s new instant payments system – expected to have a significant impact. This was evident during a recent webinar Digital Transformation into Payments, hosted by Mercado & Consumo em Alerta and featuring experts from Getnet, Pernambucanas, Conductor and ACI.
From "Access to Cash" to "Access to Digital" – How Innovative Thinking Is Keeping SMEs Trading
With millions of people in London and the wider U.K. having endured lockdowns and restrictions, the COVID-19 pandemic has had a massive impact on our shopping habits. While some supermarkets have struggled to keep up with customer demand and social distancing rules, many small, local business have adapted to the crisis quickly, efficiently and in innovative ways. While supermarkets have run out of delivery slots, smaller businesses are now offering local deliveries whilst providing safe digital payments options. They are also selling goods that the big supermarkets have run out of because traditional supply chains have been interrupted.
Taking the Pulse of Biometric Authentication in 2020
Growing demand for digital payment methods in recent years, including a plethora of mobile payments and person-to-person payment applications, has already put biometric authentication firmly at the forefront of payments and fintech. Moreover, the COVID-19 global health crisis has introduced new norms that have discouraged non-essential physical interaction, which has further boosted the popularity of digital payment alternatives. Already in March, CNBC noted that there had been a surge in the number of Americans preferring ‘”tap and go” transactions through digital wallets, like Apple Pay or Google Pay, overwhelmingly secured with biometric (mainly fingerprint) authentication.
COVID-19 Crisis Will Accelerate Launch of New Digital Payment Services Underpinned by Real-Time Payments
The COVID-19 crisis, and the fact that many millions have been self-quarantining at home, contributed to a spike in eCommerce growth in sectors such as retail and gaming and changing payment behaviors. Katrin Boettger spoke to Adam Needel, principal solution leadership manager —real-time payments, to discuss the impact the crisis may have on the future of digital and real-time payments.
When It Comes to Payments, COVID-19 Crisis Could Lead to Long-Term Shifts in Consumer Behavior [Q&A]
ACI Worldwide and GlobalData recently launched Prime Time for Real-Time, a new global report tracking and analyzing real-time payments volumes, growth and dynamics across 30 global markets. According to the global research, an industry first, more than half a trillion real-time payments transactions will be processed over the next five years. I discussed what the findings mean, and how the COVID-19 pandemic might be a further catalyst for behavioral change, with ACI’s global head of real-time payments, Craig Ramsey.
Women in Payments: Celebrating International Women’s Day 2020
International Women’s Day, celebrated on March 8, honors the social, economic, cultural and political achievements of women – including equality for all women.
To commemorate the occasion, we spoke with a few female leaders in the payments industry about what the day means both for them and for the wider payments industry. The comments and insights we received were nothing short of inspiring and encouraging.