New Credit Card Chips Shift Liability to Retailers
By: Andrew Cohn (Insurance Journal) December 2015
On Oct. 1, 2015, many of the insurance industry’s clients took on a lot more risk, and may not even know it. The Payment Card Industry, PCI, which is the self-regulating organization that oversees everyone that accepts or issues payment cards, set the date of Oct. 1, for point-of-sale machines to begin accepting “chip cards.”
By now, most consumers have received at least one of these chip cards in the mail, but they may not have seen many businesses accepting the cards, except big name stores such as Target, Publix and Wal-Mart. The announcement of the 2015 integration date came in August 2011, and many notices and warnings have been issued in the past year. But many, if not most, retailer insurance clients probably do not have the machines necessary to accept these cards. And that’s kind of a big deal because effective Oct. 1, the liability for fraud was shifted from the banks, to them. And they expect their risk managers and insurance professionals to assist them in managing these risks.
First, let’s go over the basics. The new cards already have a few nomenclatures, so it’s important to be familiar with them if clients use any variations of them. They are called chip cards, Chip and Pin, or EMV, which stands for Europay, Mastercard and Visa. They could also be referred to NFC, or Near Field Communications, which is actually just a feature that some of the cards will have that enable the user to tap the card against a reader, instead of dipping the card in for the chip to be read.
Signatures will still be required, at least until the PIN part of the chip and pin is implemented. The new cards still have the magnetic strips on the back as a convenience for customers if the merchant does not have the ability to read the chip. But due to the shift in liability, this benefits the customer and the bank, not your client, the business.
Payment Card Fraud
It is undisputed that fraud in the payment card industry in rampant. Everyone has read about the breaches and hacks involving Target, TJX, Home Depot and others. According to the Wall Street Journal, fraud last year in brick and mortar stores in the U.S. accounted for more than $3.8 billion of the estimated $10 billion in annual fraud in the payment card industry.
The hope is that the new chip card technology will reduce fraud significantly. The old cards work by swiping a magnetic strip through a point-of-sale machine which sends the card’s data to be processed by the bank and then back to the point-of-sale machine to complete the sale. The chip machines will do the same thing, but now instead of sending the card’s information it will send a one-time use code to process that transaction. So if that code is intercepted or stolen, it will be useless, versus stealing the credit card number from the magnetic strip which could be used again and again until the card is cancelled. The magnetic strip cards stored data, which was unchanging and could be replicated by counterfeit card makers or simply used without the card present.
The technology has been around for a few years and is widely used in Europe. The end-game in the United States will be a chip and pin payment card transaction. This will mean that you slide your card into the machine, and then you put a PIN code in, like you do when using a debit card. Oct. 1 was a big date in the United States because that is the day that the payment card industry set for the shift for point-of-sale (POS) machines to accept the new chip technology, with the exception of fuel dispensers, which do not have to comply until 2017. After that date, if a business has a POS that doesn’t accept the chip card, the customer has a chip card, and there is fraud, the banks will no longer accept the liability for that fraud. This deadline currently has no effect on card-not-present merchants, which are typically businesses that accept payments over the Internet or phone.
New Liability for Merchants
It is very important for insurance brokers to make their clients aware of their new liability if they do not switch to the chip reader machines. It is estimated that as many as 75 percent of merchants have not switched to the new terminals that can accept the chip technology.
Insurance may help as a risk transfer tool, but insurance professionals should be focused on risk avoidance and risk reduction, which can be accomplished by switching to the new point-of-sale terminals that accept the chip technology.
However, the time an agent is speaking with clients about their new liability is a perfect opportunity to discuss their need for privacy liability insurance. Privacy liability or cyber liability protects a business for the damages they are liable due to a variety of claims scenarios depending on the type of coverage selected. Many policies are designed to cover events such as privacy breaches, viruses, cyber extortion, intellectual property infringement, denial of service attacks, data destruction, fines due to regulations such as HIPAA, PCI and more. Some policies are silent on whether they will cover fraud arising from not having the chip card readers; others require compliance with payment card industry standards.
Insurance professionals are well aware that policy forms and conditions differ, but with cyber liability every insurer’s forms are different. It’s very important to read the policies and work with professionals to get the best policy for each situation. Agents should discuss these concerns with their customers, and get a full picture of what their actual exposures are, so they can offer coverage necessary for their customers’ actual risks.
Now is the time for agents to meet with clients, explain the chip card changes to them, and make sure they are adequately protected for all of their liabilities, not just the slips and falls. They’ve been reading about hacks and breaches every week, and they are concerned. This is the time to educate them about how they can be better prepared to prevent a loss, and to be protected when the loss occurs.
Categories
- Benefits Resources
- Bonding
- BOP
- Business Insurance
- Commercial Auto
- Commercial Property
- Company News
- Construction
- Crime Insurance
- Cyber Insurance
- Directors & Officers
- Employee Benefits
- Employment Practice Liability Insurance
- Entertainment
- General Liability
- Health Insurance
- Healthcare
- Healthcare Reform
- Homeowners Insurance
- Hospitality
- Manufacturing
- Medical Malpractice
- Mining & Energy
- Nightclubs
- Personal Auto
- Personal Insurance
- Professional
- Restaurants
- Retail & Wholesale
- Risk Management Resources
- Safety Topics
- SBA Bonds
- Security
- Seminars
- Technology
- Tourism
- Transportation
- Uncategorized
- Workers Compensation
Archives
- May 2021
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- November 2018
- September 2018
- August 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- February 2013
- November 2011
- October 2011
- September 2011
- July 2011
- June 2011
- March 2011
- November 2010
- October 2010
- September 2010
- April 2010
- February 2010
- November 2009
- October 2009
- November 2008
- August 2008