The Green Sheet Online Edition
October 12, 2015 • Issue 15:10:01
Beware of pitfalls associated with EMV migration
All ISOs, processors and other payment companies are using Europay, MasterCard and Visa (EMV) at some level in sales pitches. With data breaches in the headlines, extolling the benefits of EMV can be a useful, legitimate way to convince merchants to upgrade their equipment.
But selling EMV, like selling anything, comes with potential liability stemming from the owners of EMV, state and federal regulators, and over-zealous attorneys looking to certify a class or obtain a quick settlement offer. But the answer to a few simple questions can lay the foundation for a company to integrate EMV into a sales pitch in a fully compliant manner without sacrificing any salient details.
Who owns EMV?
After the EMV protocols were established, Visa Inc., MasterCard Worldwide, JCB International Ltd., American Express Co., China UnionPay and Discover Financial Services formed a consortium titled EMVCo to manage the EMV standard (see www.emvco.com/about_emvco.aspx?id=156). EMV is also a registered trademark of EMVCo LLC in the United States and other countries.
Should I be worried?
EMVCo has a mega-firm with a devoted faction hunting and punishing companies for misusing the words EMV, also known as the EMV Mark, without EMVCo's permission.
How can I present EMV on my website or other marketing collateral?
Payment companies offering EMV must consider how and where they pitch their products and how they relate to EMV. EMVCo published guidelines to be followed when using the EMV Mark (see www.emvco.com/media_center.aspx?id=50).
EMVCo allows use of the EMV Mark only in connection with factually accurate statements and representations about specifications developed by EMVCo. EMVCo requires that the following statement appear on the same page or on the face of any materials where the EMV Mark appears: "EMV is a registered trademark or trademark of EMVCo LLC in the United States and other countries."
EMVCo provides further specificity about where the EMV Mark cannot be used, as follows:
- As part of a company name
- As part of a domain name
- In a way that implies a relationship, sponsorship or association with EMVCo, if untrue.
When the EMV Mark is on a website, EMVCo requires that this reference also include a link to EMVCo's web site at www.emvco.com.
Can my company use the EMVCo logo?
Although less than one-third of merchants report knowing what EMV is or how it will affect them, processors may want to increase their credibility by branding their companies with the official EMVCo logo. Doing so requires obtaining a license from EMVCo that involves submitting to EMVCo's strict approval testing and agreeing to EMVCo's Trademark License Agreement for Certification Trademarks.
What statements may I make regarding EMV?
Vendors whose products have not been tested and approved by EMVCo are not authorized to make statements to imply that their products "support EMV devices" or were "designed for EMV" or are "EMV compliant." According to EMV's enforcement task force, these statements may mislead consumers into mistakenly believing the products have successfully completed EMVCo testing and been approved by EMVCo.
Are there other threats?
Yes, state and federal agencies and plaintiffs' attorneys are on the lookout for misleading statements. Everything mentioned during any point in the sales process must not be misleading to avoid triggering an investigation, lawsuit or fine.
According to recent Federal Trade Commission cases, ISOs, processors and banks alike will be held liable if anyone in the food chain makes a misleading statement, such as one regarding EMV. Most such instances occur at the POS. But an uneducated customer service or deployment person could trigger liability. Thus, training on EMV should be rigorous and crisp.
One recent example involved a representative of an ISO who, while deftly overcoming objections, said the EMV standard was a new law. The EMV standard is not a law; failing to be EMV compliant is not illegal and will not put a person in jail or expose someone to a fine, loss of freedom or rights. Of course, pitching EMV as a law or regulation, especially due to the forthcoming shift in merchants' liability for not being EMV compliant, can be an effective scare tactic or at least an attention grabber.
That pitch, however, triggered a threatened $996,000 fine from a Utah state investigator who found the tactic was misleading. The investigator then surmised 398 other calls made that day by an over-achieving call center representative all included a similar pitch. The ISO had good representation and paid only a small fine and was also asked to register as an out-of-state business.
If a company became overly cautious and listened to everything a typical lawyer would advise, it would never sell anything to anyone. However, while the EMV migration opportunity is too hot for payment companies to miss, the risks and regulations of this product are all new, and with a conglomerate of the most powerful companies in the payments space calling the shots, a company is wise to heed the limited regulations out there regarding EMV.
James Huber is a partner at Global Legal Law Firm. Global Legal's attorneys are experts in the payments space and handle all aspects that those companies may face including nationwide litigation, regulatory compliance advice, class-action defense, merchant opinion letters for approval by processors, and structuring businesses to avoid triggering chargeback thresholds, to name several. James is available at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.