Renewed Emphasis on Crime and Data Breach Liability Coverage

For many businesses, October 1, 2015 changed their risk profile, and they may not even know it.  Several years ago the major credit card companies, MasterCard, Visa, Discover and American Express, created a deadline, October 1, 2015, for the credit card business to convert to EMVs.

What is an EMV one might ask?  EMV is an acronym from Europay, MasterCard and Visa.  It is a global standard for credit cards equipped with computer chips and the technology used to authenticate transactions. The purpose of this computer chip is to reduce fraud by various technologies.  It is estimated that more than 500 million cards have now been issued in the U.S. which have a computer chip embedded in the plastic card.  While all business were supposed to be compliant with the new card-chip technology by October 1, 2015, full compliance is not required until the end of 2017.

So why does this transition period to full EMV compliance create a problem for the average business?  Under the credit card system in place prior to October 1, 2015, the liability for a fraudulent transaction and data breaches fell back on the payment processor (i.e., MasterCard, Visa, etc.) or the issuing bank depending on the credit card terms and conditions.  So if a cardholder’s credit card or credit card number was stolen and the cardholder sustained a loss as a result, then the credit card company or bank would be responsible for the fraudulent charges or data breaches.

However, on October 1, 2015, the liability for losses arising from the misuse of credit cards shifted to whichever party is the least EMV-compliant.  This means that if a merchant or business is not already EMV compliant then any liability for losses arising from the misuse of credit cards will fall on the merchant or business.  The Strawhecker Group, a global payment industry consulting company, estimates that only 27 percent of merchants were EMV compliant by October 1, 2015.

So any business that is not EMV compliant is now facing a greater liability for fraudulent transactions and data breaches. Insurance agents need to be discussing these exposures with their client.  It is good business and may reduce the agent’s E & O potential.


stuartStuart Powell, CPCU, CIC, CLU, ARM, ChFC, AAI, ARe, CRIS, has over 40 years experience in the industry, both as an independent agent and as IIANC’s resident insurance guru for the last 20 years. A valuable resource for IIANC members providing technical information, Stuart is well-known across the country for his vast insurance knowledge. He regularly teaches for numerous insurance organizations and is on the national faculty for the Society of Certified Insurance Counselors.

Questions? Contact Stuart at or 888-275-8914.

Leave a Reply

Your email address will not be published. Required fields are marked *