Experts are warning that up to $10 billion may be lost this year as a result of credit card fraud, according to Insurance Market Source. To combat these losses, the industry is adopting CHIP card security or EMV card technology, which is enhancing consumer protection and may be shifting the liability framework of who is responsible for compensation in the case of fraudulent transactions.
David Derigiotis of Burns & Wilcox stated that “under federal law, if a card holder’s credit card number is stolen, but not the card, the consumer is not liable for any unauthorized use. The responsibility currently falls on the bank or financial institution that issued the payment card. However, once the new policy comes into effect this October, retail merchants will also be liable for fraudulent charges if they are not supporting EMV technology.”
Derigiotis outlined three ways that these changes may affect the cyber liability policies of many retailers. First, experts are expecting an increase in online fraudulent purchases due to the fact that it will be harder for criminals to replicate cards for in-store use. To address this influx of fraudulent online purchases, “brokers and agents should work with their retail merchant clients to ensure their e-ecommerce system has the right protections and adequate limits in place.”
Secondly, if retailers fail to update their systems to handle EMV cards, their cyber liability policy may no longer cover any fines levied against them if they are found to be non-compliant with the PCI Data Security Standard. Normally any fines associated would be covered by a cyber policy, so firms should update their technology to accept EMV cards.
Finally, not only does updating systems to accept CHIP/EMV cards limit the ability of criminals to commit fraud with stolen credit cards, it highlights to the insurers “that an organization has a strong approach to risk management and cyber security.”