• EMV-delayed banks must set aside funds to cover losses


    BANKS that are not yet EMV or chip-compliant will soon have to aside provisions to cover any operational loss that may be incurred for not having a more secure chip-based technology, the central bank said.

    EMV is the global standard for chip-based credit and debit card transactions that are supposedly more difficult for fraudsters to hack into, compared with magnetic strip cards. The embedded chip contains unique transactions details that are activated each time the card is used. It is also protected by additional layers of security.

    The BSP issued Circular 808 in August 2013, giving banks and other financial institutions more than three years to upgrade their systems in the shift toward EMV technology by January 1 this year.

    However, latest BSP estimates showed that after January 1, the migration to EMV from magnetic stripes is only 90 percent complete with around 76 million cards still to be replaced.

    Incoming BSP Governor Nestor Espenilla Jr. said there would be a final deadline for the EMV migration and banks that would not be able to comply will have to set aside capital to cover possible losses.

    “If you delay further, you will need to have provisioning. That will motivate banks to expedite the [adoption]of EMV,” he said.

    It would be up to the banks how much is their estimate on possible losses that may be incurred due to fraud as a result of not complying with the EMV requirement.

    “It is an equivalent of loan loss provisions. It is for operational risk. They will have to set up provisions for possible losses from fraud,” Espenilla said.

    Until banks are fully migrated to EMV-chip technology, the use of magnetic stripes in payment cards and card-accepting devices will be allowed based on conditions under the EMV Card Fraud Liability Shift Framework (ECFLSF) of the BSP.

    ECFLDF protects customers from any liability that could arise from the use of magnetic stripe cards.

    The liability for this type of fraud is the burden of a bank or financial institution that is not or is only partially compliant with the EMV requirement.

    The framework is expected to accelerate compliance and speed up the dispute resolution and restitution process for customers who have valid claims as a result of fraud or skimming attacks.

    Espenilla said the BSP will require Bancnet to monitor if non-EMV compliant banks are switching off their automated teller machines (ATM) to prevent the public from using other cards on their ATMs that are susceptible to operational risks.

    “We will require Bancnet to monitor if banks are switching off. They do that to shift the liability. They don’t accept other ATMs. That’s cheating to minimize the risk. That would be monitored now,” he said.

    Banks switching off their ATM networks would be fined and penalized, Espenilla noted. “There is a possible monetary penalty but it is needed to be monitored first by Bancnet,” he said.


    Please follow our commenting guidelines.

    Comments are closed.