Blog posts tagged with 'Regulations'

EMV in the US

As we ponder this question, consider the most recent ATM theft in which organized thieves drained more than $45 million dollars from ATMs worldwide in mere hours. By accessing bank databases, cyber-thieves were able to eliminate maximum withdrawal limits on individual accounts, load customer data onto any plastic card with a magnetic stripe (a hotel room key would suffice) and use them to withdraw millions of dollars in cities around the world. Such a scheme isn’t that difficult to accomplish with the magnetic stripe technology we use today.      

The good news is that EMV is coming soon to an ATM near you. But “soon”
 is a subjective term. Most industry experts agree the primary driver for EMV migration in the U.S. will come from issuers, as they’re the ones tasked with replacing more than a billion mag-stripe credit and debit cards. This won’t be a singular event – but rather an ongoing process, where expired cards will be gradually replaced with EMV chip card technology. The shift will be subtle, and the card-holder may not even be aware of the change.


Before issuers can start providing customers with EMV smart-cards, they need a plan for accepting them at terminals. The first step towards accepting EMV smart-cards at the ATM is typically an assignment of liability:

• MasterCard is the first in the U.S. to publicly declare that if fraud occurs on a transaction initiated through an EMV card on a MasterCard, Cirrus or Maestro network, then the ATM owner will be liable for that fraud if the ATM was not properly equipped to support EMV technology. Visa has also announced dates for liability shifts, and other issuers in the U.S. will soon follow suit.

• In Canada, Visa was first to shift the liability to ATM owners. Within two years, all cards from Interact members (Royal Bank of Canada, CIBC, Scotiabank, Toronto-Dominion Bank, and the Desjardins Group of Credit Unions) featured EMV chip-cards.

While the October 2016 deadline for compliance in the U.S. moves closer, the message is clear: It’s time to get ready for EMV. This shift, which can take up to a year to complete, involves hardware, software and professional services to ensure compatibility on the back end.



Handling Regulatory Issues - How and when they pay off.

In the past year ATM deployers have dealt with the ADA  deadline with PCI and EMV not far behind, not to mention the Windows 7 integration and deposit automation. It sounds like a headache I know, but it's really not all that complicated.  These all contribute to necessary hardware and software updates that need to be acknowledged.  But why are all of these upgrades even necessary? Two reasons:

Technology Shifts and Regulatory Mandates.

The upgrades due to technology shifts are not necessarily "legally" mandatory, but if you want to remain competitive then upgrades like Windows 7 and deposit automation are crucial.

Regulatory mandates such as ADA, PCI and EMV are necessary for financial institutions and deployers to keep up with regulatory compliance.  The fees with non-compliance fines and liability related lawsuits are much greater than the cost of the upgrades, so in the end the payoff is upgrading.

EMV is a bit of an exception because it isn't necessarily going to be a governmet regulation. You may have heard the term "Liability Shift" thrown around quite a bit. This liability shift is what is driving the EMV transition.  There is no specific penalty for not upgrading to a smart-card reader. However, with the liability shift, the responsibility of fraudulant activity trickls all the way down to the ATM owner.

A quick example: in Canada, an ATM destributor opted to not upgrade four of his machines by the January 1, 2013 deadline. Word got around that these four machines were not ready to accept EMV, so they were targetted. The thieves obtained a number of comprimised cards with unknown balances and withdrew over $90,000.  Needless to say these charges were being disputed by the actual account holders and because the liability shift deadline had passed, the only party that was required to pay back that $90,000 was the small time ATM destributor. And all for now spending the extra cash to upgrade his four machines.

With that being said the final decision when upgrading should make sense in that as an investment, they should generate a return.  Ofcourse common sense will tell us that not upgrading even just four machines isn't worth $90,000. 

Mathias Thiele, VP of Global Development at ACG Inc., uses the example of the automation of check handling: “Automating check processing results in greater operational efficiency and lower operational costs for end users, therefore satisfying the ROI (return on interest) requirement”.

Larger institutions have already adopted automatic check processessing where as the small companies are still in the process, though due to the cost of the upgrade it is actually more burdensome on the small company's budget than on larger institutions.  However, it is still essential for the smaller communities to invest into the upgrades to simply stay relevant in the industry.

These advances and requirements will come and go. The best thing to do is upgrade as soon as possible, otherwise take a step back and consider your companies budget.  Will remaining behind one step really affect you? Will it really hurt you if you don’t get that iPhone 5s and stick with the iPhone5? Advance your machines when it’s mandated and fiscally sensible and always remember to solicit advice and service at



Over the last year I’ve been getting g a lot of questions regarding EMV. What it is, why there's a need to upgrade again, who should absorb the cost of the EMV upgrades and why are there so many fires in California?  The answer is of course,  security and the Santa Anita winds. 

EMV (Europay, MasterCard and Visa) is an international standard on integrated circuit cards or “chip” cards as well as point of sale (POS) and automated teller machines for authorizing electronically transferred funds (EFT). 

Must I Upgrade?

The hard pill to swallow, never mind the fact that we’re still in the wake of ADA, is knowing that there is no choice in the matter when it comes to the EMV migration. Facing the liability shift consequences is the alternative to not complying with EMV, but no ISO or merchant wants to take on the responsibilities that financial institutions are currently fulfilling.  In the last eight years the ATM industry has gone through Triple-DES upgrades, ADA upgrades and now EMV.  But like most companies in the tech industry, upgrades are required to maintain both resiliency and government compliancy. 

The Myth Exists

Canada went through it's EMV transition the first of this year. There was an ISO that had not upgraded a handful of his machines by the January 1st deadline. Once it became common knowldedge the at his machines were not EMV ready a bulls-eye was placed directly over his locations. A group of compromised mag-striped cards were atttained and used on 4 of his machines to withdrawal the equivalent of $90,000. Since the liability had already gone into affect the card issuers were no longer liable for the lost funds, so who paid the $90,000? The ISO who didn't see it worth upgrading his ATMs. IT'S NOT WORTH THE RISK!!

Magnetic Stripe vs. Chip Technology

Currently all cards in the U.S. store data on a magnetic stripe located on the back of every debit, credit and pre-paid cards, a technology that can be routed to the 1960s.  Now with EMV, smart-card technology will feature a chip on the front of the card that stores encrypted data to protect against any form of duplication and fraudulent activity. This type of technology will also allow for more contactless “tap n’ go” transactions to follow in later years. 

Measurable result driven upgrade = 80% fraud decline

The overall goal of EMV is to reduce the risk of counterfeiting and fraudulent activity while standardizing payment activity throughout the globe.  In a study done by the Aite Group, they estimated that 8.6 billion is lost to fraud in the U.S. each year, while the U.S. secret service found that more than $1 billion was directly related to ATMs.  Europe has recorded an unprecedented decline in ATM related fraudulent activities mostly attributed to this upgrade.

In regions throughout the world that have adopted EMV, ATM fraud has dropped dramatically, as much as 80%.  The facts are solid, EMV is much more secure than the current magnetic strip and the necessity of EMV is imperative to protect people from fraud, and the United States is next in line to suit up and join the international players.

Some EMV benefits

To name a few: A massive reduction in card fraud, ability to use cards anywhere in the world and it takes the industry one stop closer to contactless and mobile payment solutions.

By the end of 2010 close to 1.25 billion EMV “chip and pin” cards were in use worldwide playing a huge part in Europe where half way through 2006 a 62 Million Euros loss was reported due to ATM fraudulent activities, then to 23 Million Euros at the end of 2010, a reduction of 63% in just 4 years! 

Yes there are some costs that come with upgrading your terminal, but remember we are in the financial industry, and we deal with customers accounts and livelyhood. So government regulations are coming much more frequent to protect the masses.  We are here to provide a service at a standard that we would expect from our providers.