Breaking down the EMV liability shift
Below is what happens if a credit card data breach occurs after Oct. 1, 2015:
If a merchant is still using the swipe and signature method at the POS, and the consumer has an EMV chip-enabled credit card, the merchant is responsible for all losses in the event of fraud.
If the merchant has a POS system that accommodates chip-enabled credit cards, but the consumer's credit card has only the swipe option, the consumer's bank assumes liability for any losses should a data breach occur.
Finally, if a data breach still happens even though the merchant and consumer are both EMV-ready, the credit card issuer assumes the liability.
Suffering a credit card breach should be one of the major concerns for merchants. Those suffered by Target Corp. and The Home Depot Inc. were well publicized. What didn't make the news was the fact that 90 percent of the breaches over the last 18 months were suffered by SMBs.
Read more here: greensheet.com