Ready or not, here they come. If you deal with credit cards, it’s in your best interest as a small-business owner to be ready for the switch to EMV credit-card technology later this year. Starting October 2015, U.S. credit-card issuers will hop onboard the security bandwagon that’s been going strong in Europe since the late 1990s and begin issuing customers EMV, aka “chip-and-pin” credit cards. With swipe-and-sign cards on the path to extinction, now’s the time to update your payment-processing system.
Small businesses, in particular, often hesitate to upgrade credit-card terminals and processing software because of the associated costs. New devices can cost between $400 and $700 per terminal, plus the price of any new software. But the cost of waiting to update could quickly become much greater. Currently, issuing banks absorb the cost of almost all credit-card fraud, which they then pass on to consumers and merchants in the form of increased fees. But starting in October, those costs could be charged back to you, the merchant. Therefore, even though U.S. credit cards will initially be equipped with both a chip and a magnetic stripe to ease the transition, it’s in most merchants’ best interest not to delay the update.
EMV and Fraud
EMV cards prevent more fraud than those with magnetic stripes because the chipped cards do not contain static data that can be used to create counterfeit cards and make fraudulent transactions. Instead, each time an EMV card is used for a purchase, the chip embedded in the card creates a unique transaction code that can never be used again. Even if a hacker succeeds in stealing the chip information from a specific point of sale, trying to duplicate that information would be like trying to use an expired password. Because the stolen transaction number can’t be used again, the purchase is declined.
Credit-Card Fraud More Prevalent in the U.S.
One-quarter of the world’s credit cards are issued by U.S. banks, and half of the more-than $11 billion in annual global credit-card fraud occurs in the United States, the only major market that has yet to fully adopt EMV technology. Other nations were more eager to accept the technology because historically they experienced higher fraud rates. But with stronger security safeguarding against fraud in other regions, fraudsters have been shifting their attention back to the United States. As a result, the U.S. has experienced an overwhelming spike in credit-card fraud, including large data breaches at companies such as Target and Home Depot. If the fraud resulting from those sorts of hacks were charged back to merchants, it would likely be enough to push a small company out of business. And experts estimate that once the larger companies have implemented the more secure technology, fraudsters will again shift their attention to small businesses that have delayed the transition.
Determining Liability for Fraudulent Charges
Starting in October [PDF], liability for fraudulent charges will be determined by the technology used for the transaction. If the card is EMV but the merchant is only capable of swiping the magnetic stripe, the merchant will be responsible for the fraud. If the bank hasn’t issued the customer a new card, however, and the merchant had the technology to process an EMV, any fraudulent charges will still be the responsibility of the issuing bank. In situations where the card and the merchant are using similar technology, the issuer will still hold responsibility for fraudulent charges.
In short, as long as you can process payments supporting EMV technology, you will be exempt from chargebacks resulting from fraud. So, although Javelin Strategy and Research estimates U.S. merchants will need to invest $2.6 billion over the next few years to upgrade their credit-card terminals, that expense pales in comparison to potentially absorbing more than $5 billion a year in fraudulent charges.
Get Your Business Ready
With the change in liability looming, there are several steps you can take in order to prepare for the road ahead. You need to update your terminals and software, and train employees to use the new system.
You may be among the any small businesses that don’t physically process cards. If your small business has a MOTO or e-commerce merchant account, you won’t need to change your systems to continue processing card-not-present transactions.
Be aware, however, that the transition to EMV could still impact you. Experts predict that once EMV is widely adopted, fraudsters will once again shift their focus — this time to card-not-present transactions. To protect yourself and your customers, be sure you are taking extra security precautions, such as checking IDs and verifying customers’ addresses and CVV2 security codes for all transactions.