If you’ve replaced your credit or debit card lately, you may have been told about a new “chip” being added for extra security. That chip, or its wireless “contactless” payment system counterpart, is part of a planned migration to a new Europay, Mastercard and Visa (EMV) security standard. For consumers, this will be an effortless transition as new and replacement cards will simply come with the chip or wireless technology. However, many small business owners do not realize they may be at risk if they have not upgraded their credit card machines by October 1, 2015.
On the upside, Quickbooks reports “the United Kingdom has been very successful at reducing credit-card fraud since its own EMV migration. Since introducing EMV-chipped cards into its market, face-to-face credit-card fraud has dropped a whopping 72%. A similar trend took place in Canada, where, between 2011 and 2013 (the years immediately following Canada’s migration to EMV-chipped cards), domestic counterfeit fraud dropped 42%.”
On the downside, they go on to note that after October 1st, “fraud liability shifts to the party with the least-secure means of accepting payments. This means that the party without EMV-capable payment processing will be liable for counterfeit fraud.”
This liability shift means that small businesses who have not upgraded their hardware to meet the new standard will be responsible for fraudulent purchases, and not the issuing banks.
A recent Wells Fargo report noted that more than half of all small businesses don’t even know the transition is happening, let alone that the deadline is just around the corner. According to the report, “Among business owners who report accepting point-of-sale card payments, only 31% say that their existing credit card processing system accepts chip-enabled cards. When asked if they plan to upgrade their point-of-sale credit card terminals to accept EMV chip cards, just 29% of business owners said they intend to make the change before the Oct. 1 deadline. Another 34% of business owners reported they will at some point in the future after October, and 21% say they never plan to upgrade.”
Square is providing incentives to its consumers to upgrade by absorbing all faulty charges on behalf of its customers who have pre-ordered their latest card-reader, reports ArtsTechnica.com. ZDnet.comreports that Intuit is also working to help small business owners by offering a $30 mobile EMV reader for iOS and Android phones in advance of October 1st.
"Knowing that the mechanics of handling EMV cards will be unfamiliar territory for merchants, their employees, and their customers, we've designed in features like an easily visible LED and in-app indicators to provide visual cues for successful and unsuccessful card reads," Ralph Matlack, director of product management for Intuit's payment offerings, said, adding that the battery was also tweaked to last a full week on a single charge.
For business owners looking to mitigate their risk in advance of the looming deadline, Quickbooksadvises folks do the following:
1.) Audit their hardware
2.) Discuss EMV-compliant options with their servicer
3.) Purchase appropriate hardware
4.) Get terminals Level 3 certified, if applicable
5.) Train their employees
6.) Know the difference between “chip-and-pin” and “chip-and-signature”
7.) Educate their customers
At Sinu, we’re always looking for ways to help our clients increase security while minimizing risk. This is an important issue we hope you’ll share with your colleagues and other business owners to help raise awareness of the new EMV security standard and avoid the risks associated with using obsolete technology.