The Banking Supervision Department advances the implementation of the advanced transaction security standard for payment cards (EMV)
· The promotion of innovation in the payments field, including mobile payments;
· Strengthening competition in the field of payment card issuance and acquiring by removing a barrier to the entry of new players from Israel and abroad;
· Reducing the risks of counterfeiting and misuse of payment cards by upgrading the security mechanisms, including entering a personal identification number (PIN) at the time of payment.
International organizations in the payment card field (Visa and MasterCard), as well as the Bank of Israel, expect that the conversion of the Israeli market to the advanced payment standard will be advanced and completed, and that Israel will meet the standard that is currently common in Europe and is being implemented in the US. The transition will affect merchants, which will be required to replace existing payment terminals with terminals that support the standard, so that they will be able to provide customers with an advanced and secure payment experience.
In recent years, the Banking Supervision Department has issued several guidelines regarding the adoption of the EMV standard for entities dealing with the issuance and acquiring of payment cards (Proper Conduct of Banking Business Directives 470 and 472). The Banking Supervision Department is guiding the process through a designated implementation forum that includes the international credit card schemes (Visa and MasterCard), the Israeli credit card companies, terminal suppliers and the Small and Medium Business Agency, among others. This forum monitors progress in adopting the standard, and discusses solutions for the removal of barriers facing parties involved in the implementation and ideas to encourage the conversion.
As part of the implementation process, the banking Supervision Department is today publishing a draft revision of the Circular from the Supervisor of Banks from May 1, 2016. The revision takes into account the fact that the supply of point-of-sale (POS) terminals that meet the standard remains limited, and enables greater flexibility for merchants currently in the implementation process. The main changes are as follows:
· As a rule, as of August 1, 2017, new terminals (at both new and existing merchants) will be connected only to the new SHVA system that supports EMV transactions (“Ashrait EMV”)
· However, taking into account the needs of merchants, and in view of the complexity of bringing new terminals into the market, new terminals will be able to connect to the old system, which does not support the EMV standard (“Ashrait 96”) in the following cases:
o When there is no terminal in the market that is prepared for working with the new system and which meets the needs of the merchant. (The list of available solutions for each type of terminal can be viewed on the SHVA company’s website.)
o When the yearly acquiring volume of the merchant does not exceed NIS 60,000 (micro-merchant). In such a case, the period in which the merchant will be able to connect a new terminal that does not meet the standard has been extended to December 31, 2018.
· In order to help merchants select terminals, the SHVA company has been instructed to publish a list of terminal models that are prepared for working with the new system, divided by type, on its website.
· In order to incentivize the players in the market to implement the EMV standard, including the existing merchants that currently use terminals that do not meet the standard, a liability shift mechanism has been set out in the directives, which sets out that in a case of payment through a smart payment card (with a chip) at a merchant where there is no EMV terminal, in the event of fraudulent misuse of the card, the acquirer is responsible for returning the charge amount resulting from misuse, and it is permitted to shift the liability to the merchant.
With the objective of providing terminal manufacturers and merchants a sufficient amount of time to prepare for the implementation of the standard, the start of the liability shift mechanism has been delayed to January 1, 2018. Following that date, a merchant that does not support transactions with the EMV standard and continues to work with magnetic strip cards will be exposed to fraud damages.