Starting last year, the 4 major US card brands – MasterCard, Visa, Amex, and Discover – issued announcements that beginning in April 2018, merchants are no longer be required to collect signatures on card present transactions. Each card brand’s program has different rules and requirements about which transactions are exempt from signature collection, but broadly, credit and debit transactions performed in North America will no longer require signature collection regardless of transaction amount. This is a major change to the checkout experience and one that is being applauded by merchants and consumers alike, but what will this mean for you, and what should you start doing to prepare? This post seeks to answer key questions that merchants may have about the change.
What spurred this change?
The primary reason stated is to increase the speed of service at the point of sale. Another reason is that many transactions already qualify for signature exemption under the current small ticket programs, which are typically used for purchases under $50 in the US. Mastercard estimates that ~80% of US transactions already qualify and do not require a signature.
In addition to speed of service, fraud protection is a key reason for the change. Card brands are using this opportunity to pursue modern technologies like tokenization, real-time fraud monitoring, and biometric authentication to reduce fraud. The rise of new payment form factors, such as phones and wearables, which offer contactless payment functionality, provide a higher level of security than signature collection and verification.
Additionally, the proliferation of EMV has proven to be more effective at deterring fraud than signatures. This has led to a significant reduction in card present fraud. It is not a surprise, most merchants are not performing the steps necessary to validate signatures in the first place — when was the last time a cashier compared the signature on your card to the one you scribbled on a receipt?
Are the brands all aligned on which transactions will qualify?
Mastercard, Discover, and American Express are dropping the requirement for merchants to support signature capture for credit and signature debit transactions. Visa has stated that the signature requirement will be waived for merchants that have implemented EMV contact or EMV contactless acceptance.
A key takeaway here is that non-EMV enabled merchants will still be responsible for collecting signatures as they do today for Visa transactions, which makes up the majority of card volume in the US. Merchants that are not EMV certified will need to decide between having different signature requirements for Visa transactions, which could create a poor consumer experience, or collecting signatures for all card brands, when applicable. Ultimately, this decision will also come down to the individual merchant’s business rules and whether a merchant’s payment system can handle this level of differentiation.
What changes do I need to make?
Depending on your specific payment environment, there may be changes required for the point of sale, middleware software or PIN Pad software (which may include the kernel for EMV certified merchants). At a bare minimum, there may be system configuration changes required, which will incur regression testing and deployment. If you have already certified support for signature CVM, removing it should not require re-certification, however, you should speak with your acquirer to review your specific certification requirements.
Does this mean I can stop collecting all signature in April 2018?
No. Merchants that collect signatures for purposes other than cardholder verifications (i.e. age verification, HIPAA or PII policy acknowledgments, and for private label or fleet programs) will still be required to collect a signature. You should be sure that any applicable local/network legal requirements for signature collections are still observed.
What should I be doing to prepare?
You should begin discussions with your internal business and IT teams to identify the impact and steps required to remove signature as a CVM. You should also talk to your vendors to understand the roadmaps/requirements to support removing signature collection. Besides point of sale and terminal vendors, you should also meet with your acquirer and, if applicable, your private label and/or fleet card issuers to validate your approach and review additional requirements.
This is a major change for all parties, it is not clear what impact this will have on the overall number of and process for managing retrieval requests and chargebacks. We advise merchants to begin reviewing these changes internally and with key vendors to understand the true impact of the change and to develop a plan to implement it.
For further information, contact Sean at firstname.lastname@example.org.