EMV & The Merchant Owned ATM

Posted by

With the October 2016 full MasterCard EMV liability shift fast approaching, many independent ATM sales organizations (ISO) and deployers (IAD) are facing an unusual dilemma – the possibility of fraud losses on machines they do not own.

The EMV liability shift for point-of-sale (POS) terminals went into effect in October 2015 – with around 30 to 40 percent of retailers ready and able to process chip card transactions.

Risks of Merchants Not Upgrading ATMs

As ATM owners, merchants face the same level of risk exposure at their ATMs and POS terminals. “However, ATM fraud has the potential for much larger consequences than POS as a single stolen card can pull hundreds of dollars per day out of the machine before that card number is shut down,” says ATMequipment.com Sales Manager Cooper Frandsen.

If the ATM’s EMV hardware and software have been installed and certified, the ATM deployer and merchant should be shielded from bearing any of the “counterfeit card fraud” that is subject to the EMV liability shift. “Otherwise, in the case of a non-EMV ready ATM, responsibility will depend largely on the specific contract(s) in place between the ISO/IAD and the merchant along with other factors.

Some merchants may be concerned about dealing with similar certification issues when it comes to implementing EMV at their ATMs. However, most are simply unaware of the additional liability their ATM could pose for the business or that all ATM EMV card readers have achieved certification.

“ Every effort should be made to have the merchant upgrade their terminals to EMV. Failure to do so may result in a catastrophic fraud loss to the merchant...” — Betsy Bohlen, Pueblo Bank & Trust

Many merchants do not fully understand their exposure. Providing statistical data and case studies can assist in delivering the message,” says Matthews. Survey data from ATMIA as reported by ATM manufacturer NCR outlines average costs of skimming to sit around $650 per card, $5,000 to $100,000 per incident.