If you are wondering, “What is that?” you are not alone. According to the latest Wells Fargo/Gallup Small Business Index, more than half of merchants were unaware that as of October 1, 2015, liability for fraudulent use of a credit card shifted from the card-issuers to the merchants that are not EMV card compliant.
EMV cards (named for the companies driving the technology—Europay, MasterCard and Visa) are credit cards with a microprocessor chip embedded in them. Widely used in Europe, these cards have substantially reduced credit card fraud in the bricks-and-mortar world. But, until recently nearly all U.S. issued magnetic strip credit cards.
Magnetic strip cards imbed static authorization in the strip on the back of the card. Because it is static, the information can readily be reused, making life easier for those seeking to commit credit card fraud. In contrast, the microprocessor chip in the EMV card dynamically generates a unique transaction authentication each time it is used. An additional level of security can be provided by requiring the user to enter the PIN number he or she selected before the authorization is complete. (This is common in European countries.)
High-profile data breaches at major retailers finally prompted the U.S. to join Europe, Canada and many Asian countries on the chip-card bandwagon. Earlier this year, credit card companies began issuing EMV chip cards to their cardholders. And, to encourage merchants to invest in the equipment and training necessary to accept those cards, the major companies established October 1 as the liability-shift date.
Bear in mind this deadline is not mandatory—your credit card payment processor will not cut you off if you still accept the old-fashioned magnetic card payments. However, if you do so, you will expose yourself to liability for fraudulent purchases.
In the past, if a transaction wasfraudulent, the card-issuer (Visa or MasterCard, for example) bore the full financial responsibility for the loss. Absent extraordinary circumstances, the retailer still got paid. However, now the card-issuer will be liable only for transactions made at a chip-enabled card terminal or if they have failed to issue EMV cards to their cardholders.
Despite the shift in the risk of liability for fraud, the Wells Fargo/Gallup Small Business Index found that 21 percent of small business owners never planned to upgrade and another 34 percent indicated that they did not plan to upgrade before the October 1, 2015 deadline. In addition to shifting liability to the individual business owner, the liability-shift deadline may shift fraudulent purchasing away from larger merchants, who are more likely to be compliant, to smaller businesses. (It will also shift fraudulent purchasing toward online merchants whose customers don’t present physical cards to scan.)
In many cases, smaller businesses find the upgrades relatively inexpensive and straightforward. For example, if you use Square for payment processing, then the upgrade is as simply as acquiring a new dongle for your phone. Other point-of-sale (POS) providers also offer straightforward solutions and upgrades—many of which are plug-and-play. If your hardware and software is several years old, you may need additional upgrades. Contact your POS providers for more information.
In order to protect your business, the best policy is to upgrade to chip-compliant terminals, rather than hope no fraudulent payments are made at your business.