[Politech] Followup: No, you're not liable for "smart card" security breaches [econ]

From: Declan McCullagh (declan@private)
Date: Fri Jul 08 2005 - 21:09:05 PDT

Previous Politech message:

-------- Original Message --------
Subject: 	Liability Shift in Canada
Date: 	Fri, 8 Jul 2005 14:22:17 -0400
From: 	Catherine Johnston <catherine@private>
Reply-To: 	<catherine@private>
To: 	<declan@private>

A number of your readers and my members have emailed me today in regards
to your item on liability shift for credit cards in Canada.

I'd like to clarify two things in relationship to the Canadian emergence
of EMV payment aplications.  The first is that the liability shift that
is mentioned for 2010 applies only to Visa Canada.  Unlike the US,
Canadian financial institutions choose to issue either Visa or
MasterCard, but cannot issue both.  The liability shift was a decision
made by the members of Visa Canada.  MasterCard Canada has announced
that they are ready to move to EMV whenever their members wish to
proceed, but no rollout or liability shift dates have been discussed.
Our Interac real time debit system is also moving to EMV.

In terms of acquirers, several years ago most of the Canadian financial
institutions issued credit cards as well as acquiring transactions from
merchants.  Although some still acquire, most FIs sold that part of
their business to external acquirers.  The cardholder is not considered
to be an acquirer and the liability for each cardholder is limited by
their agreement with the issuing FI.

Declan, it took me a very long time to sort out acquiring from issuing,
so I hope this helps.  The payment system in Canada is similar in many
ways to the US, but issues such as association duality are radically

Best regards.

*Catherine Johnston*

Catherine Johnston
President & CEO, ACT Canada
Chairman, International Smart Card Associations Network (ISCAN)

ACT Canada
*Advanced Card Technology Association of Canada*
85 Mullen Drive
Ajax, Ontario, L1T 2B3

(1) 905 426-6360 extension 23

*ACT Canada members, both domestic and international, benefit from access to
information, networking and market analysis.  We provide a neutral forum for
stakeholders to learn, share information and pursue their goals.  Founded in
1989, we are internationally recognized as a reliable source of information
on advanced cards and the Canadian marketplace.*

-------- Original Message --------
Subject: Re: [Politech] Who's liable for "smart card" security 
breaches?	You? [econ]
Date: Fri, 08 Jul 2005 09:26:34 -0700
From: Richard Powell <admin@private>
Reply-To: admin@private
Organization: Valet Pay LLC
To: Declan McCullagh <declan@private>
References: <42CE021D.8010506@private>


Important note.  The Acquirer is NOT Joe Consumer (card holder).  Please
see the following definition.


'The acquirer is a member of MasterCard and Visa, and is contracted with
merchants to accept merchant sales drafts, provide authorization
terminals, instructions, and support, and handle the processing of
credit card transactions.'

Richard Powell
Valet Pay LLC

-------- Original Message --------
Subject: RE: [Politech] Who's liable for "smart card" security breaches? 
Date: Fri, 8 Jul 2005 10:09:06 -0400
From: Richard M. Smith <rms@private>
To: <tony@private>
CC: <declan@private>

 >>> Who are [credit card] acquirers?

Google knows:


credit card acquirers (companies that focus on selling credit card
processing direct to merchants)

 >>> credit card and debit card fraud rates are quite high

Actually fraud rates are falling.

The primary purpose of new credit card technology is to speed up
transactions so that people will use cash less and credit cards more.  RFID
credit cards for example will eliminate signatures when making a credit card


-------- Original Message --------
Subject: Re: [Politech] Who's liable for "smart card" security breaches? 
You? [econ]
Date: 8 Jul 2005 06:30:27 -0400
From: John M Levine <johnl@private>
To: Declan McCullagh <declan@private>
CC: politech@private
References: <42CE021D.8010506@private>

 > "With a market of approximately 55 million cards, it is anticipated that
 > issuers will start
 > deploying smart cards in 2006 with critical mass expected by 2010, after
 > which the
 > liability in case of fraud will shift from issuers to acquirers."
 > Who are acquirers?  Joe Consumer?   If so why would the liability
 > shift?   What if the systems have been broken by then?

The acquirer is the agent that handles the charge for the merchant. I
think it's quite appropriate for them to be resposnsible for checking
for stolen or bogus cards.
It's most definitely not the cardholder.


Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

This archive was generated by hypermail 2.1.3 : Fri Jul 08 2005 - 21:38:26 PDT