July News – EMV Liability, California Privacy Enforcement, PCI CAT FAQ

By | July 28, 2021

Regulatory News This Month

Outdoor EMV Liability Shift Increasing — A CMSPI analysis found that chargebacks have tripled since January 2021. “If you look at January as the baseline month, May is almost triple of what January was in terms of overall chargebacks. There was a pretty substantial increase of about 50 percent in April, and that really ballooned in May,” Pynn said, explaining that chargebacks are often delayed because it takes some time for the consumer to realize the fraud and file a report. “The feedback loop takes some time.”

EMV liability shifts are not new to the convenience and fuel retailing industry. The in-store EMV deadline occurred in 2015; however, the shift for at-the-pump transactions was pushed back multiple times to April 2021. While the most recent delay was driven by the COVID-19 pandemic, Pynn pointed out that becoming compliant at the pump is a more difficult undertaking than becoming compliant in the store.

“Chargebacks have not only grown in volume, but they have grown in value. The average value of every chargeback hovered somewhere around $50 before April. Then, in April and May, they grew to over $70. That’s an almost 40-percent increase,” he noted.

(Reuters) – The California attorney general’s office started enforcing the California Consumer Privacy Act (CCPA) on July 1, 2020. Does your app or website collect data?

The majority of businesses that received notices from the California Department of Justice of an alleged violation of the state’s privacy law have addressed the issue within the 30-day statutory window, California Attorney General Rob Bonta said on Monday.

The California attorney general’s office started enforcing the California Consumer Privacy Act (CCPA) on July 1, 2020. Since then, 75% of businesses that the state notified acted to comply, while the other 25% are “either within their 30-day window or are under an active investigation,” Bonta said during a press conference about the first year of enforcement of the law.

Under the privacy law, businesses have 30 days to “cure” an alleged violation after being notified, before the attorney general’s office can start an enforcement action.

Read more:

Calif. Attorney General Becerra outlines ABCs of CCPA as enforcement kicks in

New California privacy board includes academics, government and law firm alums

Q&A: What’s next for California Consumer Privacy Act litigation

PCI Compliance Kiosks – CAT or Cardholder Activated Terminals FAQ — Link

There are two primary classifications of Point of Sale Terminal Types: Attended and Unattended Payment Terminals are classified into two major types, depending on the situation:

  1. Attended Terminals
    1. A POS Transaction occurring at an attended POS Terminal is a face-to-face Transaction, since a Sales Person or Representative is present at the time of the Transaction.
  2. Unattended Terminals or Cardholder Activated Terminals (CATs)
    1. A POS Transaction occurring at an unat­tended POS Terminal is a non-face-to-face Transaction, as NO Sales Person or Represen­tative is present at the time of the Trans­action. Examples of unattended POS Terminals include ticket dis­pen­sing machines, vending machines, auto­mated fuel dispensers, toll booths, kiosks, and parking meters.

Saying Yes to a McDonalds, Costco or a Home Depot

Quasi Classification of “Semi-Attended” — This is a gray area coined by processors in order to permit use of Attended Terminals in an Unattended Mode. Typically this is seen by large corporations (e.g. Home Depot, Costco) where they wish to use the same terminals throughout the business case with the same liability. The processors will “concede” to the use but only with additional stipulations for use. Preconditions for obtaining such a classification by the processor is directly related to leverage the corporation may exert. Small business is not in that position.