If I Don’t Switch to EMV Will I No Longer Be PCI Compliant?

April 2, 2015 • Category: PCI 101

Question: I have a small retail shop and am not worried about fraud. But if I don’t upgrade and get an EMV enabled credit card machine, will that mean that I am no longer PCI compliant?

Answer: Even though adoption of EMV—which involves replacing your current POS devices with ones that support EMV-enabled credit cards (those with a chip instead of a magnetic stripe)—is voluntary and fraud is not your major concern, I would still look into making the switch.

October 1, 2015 is the date on which the shift in liability for fraudulent credit card transactions takes effect, putting the following scenarios into play:

  • If you are still using magnetic-stripe-only devices and your customer has an EMV-enabled card, you are liable for any fraud that may result from that transaction. In other words, if the card number is replicated and used to buy $10,000 worth of stuff, you owe the $10,000 in addition to any fines or fees.
  • If you have the new EMV-enabled credit card readers but the bank hasn’t issued the customer an EMV-enabled card, the bank is liable for any fraud that may result from that transaction.
  • If you use the new EMV-enabled credit card readers on a customer’s EMV-enabled card and fraud still takes place, then the credit card company bears the liability, as is the case today.

Because you’re a small business owner, I would advise against taking on the risk of using older technology after the liability shift, as it could cause you to incur significant costs should fraudulent credit card activity take place in your retail shop.

I also recommend this related PCI Compliance Guide post: Will EMV Make You PCI Compliant?
